Upstream information
Description
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 7.4 | 7.4 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Access Vector | Network | Network |
| Access Complexity | High | High |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
- SUSE-CU-2020:191-1, published Fri Jun 12 07:21:38 MDT 2020
- SUSE-CU-2020:192-1, published Fri Jun 12 07:28:29 MDT 2020
- SUSE-CU-2020:385-1, published Wed Aug 12 01:43:35 MDT 2020
- SUSE-CU-2020:386-1, published Wed Aug 12 01:48:03 MDT 2020
- SUSE-CU-2020:387-1, published Wed Aug 12 01:49:27 MDT 2020
- SUSE-CU-2020:388-1, published Wed Aug 12 01:50:53 MDT 2020
- SUSE-CU-2020:389-1, published Wed Aug 12 01:56:23 MDT 2020
- SUSE-CU-2020:662-1, published Tue Nov 10 00:09:40 MST 2020
- SUSE-CU-2020:663-1, published Tue Nov 10 00:12:16 MST 2020
- SUSE-CU-2020:665-1, published Tue Nov 10 00:17:43 MST 2020
- SUSE-CU-2020:773-1, published Fri Dec 11 23:51:45 MST 2020
- SUSE-CU-2020:774-1, published Fri Dec 11 23:52:04 MST 2020
- SUSE-CU-2020:776-1, published Fri Dec 11 23:53:48 MST 2020
- SUSE-CU-2020:777-1, published Fri Dec 11 23:55:30 MST 2020
- SUSE-CU-2020:781-1, published Sat Dec 12 00:02:51 MST 2020
- SUSE-CU-2020:782-1, published Sat Dec 12 00:03:06 MST 2020
- SUSE-CU-2020:783-1, published Sat Dec 12 00:04:50 MST 2020
- SUSE-CU-2020:784-1, published Sat Dec 12 00:05:09 MST 2020
- SUSE-CU-2020:785-1, published Sat Dec 12 00:07:03 MST 2020
- SUSE-CU-2020:787-1, published Sat Dec 12 00:08:40 MST 2020
- SUSE-CU-2020:788-1, published Sat Dec 12 00:09:42 MST 2020
- SUSE-CU-2020:789-1, published Sat Dec 12 00:11:49 MST 2020
- SUSE-CU-2020:790-1, published Sat Dec 12 00:12:14 MST 2020
- SUSE-CU-2020:791-1, published Sat Dec 12 00:12:38 MST 2020
- SUSE-CU-2020:793-1, published Sat Dec 12 00:14:47 MST 2020
- SUSE-CU-2020:794-1, published Sat Dec 12 00:15:04 MST 2020
- SUSE-CU-2020:796-1, published Sat Dec 12 01:34:14 MST 2020
- SUSE-CU-2020:797-1, published Sat Dec 12 01:34:34 MST 2020
- SUSE-CU-2020:798-1, published Sat Dec 12 01:34:55 MST 2020