Lucene search

GoogleOSV:CVE-2022-24950

HistoryAug 16, 2022 - 1:15 a.m.

CVE-2022-24950

2022-08-1601:15:12

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users’ SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

CPENameOperatorVersion
eternalterminaleqet-v5.1.0
eternalterminaleqet-v5.1.4
eternalterminaleqet-v5.0.7
eternalterminaleqet-v5.1.1
eternalterminaleqet-v4.1.1
eternalterminaleqet-v5.1.5
eternalterminaleqet-v5.1.8
eternalterminaleqet-v4.0.3
eternalterminaleqet-v4.2.0
eternalterminaleqet-v6.0.2

Name	Operator	Version
eternalterminal	eq	et-v5.1.0
eternalterminal	eq	et-v5.1.4
eternalterminal	eq	et-v5.0.7
eternalterminal	eq	et-v5.1.1
eternalterminal	eq	et-v4.1.1
eternalterminal	eq	et-v5.1.5
eternalterminal	eq	et-v5.1.8
eternalterminal	eq	et-v4.0.3
eternalterminal	eq	et-v4.2.0
eternalterminal	eq	et-v6.0.2

Rows per page:

1-10 of 501

References

www.openwall.com/lists/oss-security/2023/02/16/1

github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3

github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for OSV:CVE-2022-24950