Описание
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.0 (исключая)
cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00549
Низкий
7.5 High
CVSS3
Дефекты
CWE-362
CWE-362
Связанные уязвимости
CVSS3: 7.5
debian
больше 3 лет назад
A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...
EPSS
Процентиль: 67%
0.00549
Низкий
7.5 High
CVSS3
Дефекты
CWE-362
CWE-362