CVE-2022-29930Predictable Exact Value from Previous Values in Ktor

CWE-342Predictable Exact Value from Previous ValuesCWE-330Use of Insufficiently Random Values3 documents3 sources
Severity
4.9MEDIUMNVD
CNA8.7
EPSS
0.0%
top 99.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedMay 12
Latest updateMay 13

Description

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5jetbrains/ktor2.0.12.0.1+1
NVDjetbrains/ktor2.0.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-52xf-qwx9-xfxq: SHA1 implementation in JetBrains Ktor Native before 22022-05-13
CVEList
CVE-2022-29930: SHA1 implementation in JetBrains Ktor Native 22022-05-12
CVE-2022-29930 — Jetbrains Ktor vulnerability | cvebase