← voltar
CVE-2022-24950

CVE-2022-24950

EPSS 1.0%CWE-362
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
Produtos afetados
Jason Gauci · Eternal Terminal

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3http://www.openwall.com/lists/oss-security/2023/02/16/1