Описание
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
Ссылки
- Mailing ListPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Product
- Mailing ListPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eternal_terminal_project:eternal_terminal:6.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00048
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-59
CWE-59
Связанные уязвимости
CVSS3: 6.3
debian
почти 3 года назад
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...
CVSS3: 6.3
github
почти 3 года назад
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
EPSS
Процентиль: 15%
0.00048
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-59
CWE-59