VDB

CVE-2022-24950

CVE-2022-24950 PUBLISHED CVSS 7.5 HIGH

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

EPSS 0.57% · 69.1th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.57%
69.1th percentile

Affected Products

VendorProductVersions
eternal_terminal_projecteternal_terminal0
Jason GauciEternal Terminalunspecified

Timeline

  • Aug 16, 2022 CVE Published
  • Aug 16, 2022 EPSS Score
  • Oct 1, 2022 EPSS Score
  • Nov 16, 2022 EPSS Score
  • Jan 1, 2023 EPSS Score
  • Feb 16, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 19, 2023 EPSS Score
  • Jul 4, 2023 EPSS Score
  • Aug 19, 2023 EPSS Score
  • Oct 4, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›