CVE-2022-24950

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24950

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24950.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-24950

Related

Published

2022-08-16T01:15:12Z

Modified

2025-01-08T14:08:53.052260Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

References

Affected packages

Git / github.com/mistertea/eternalterminal

Affected ranges

Type: GIT
Repo: https://github.com/mistertea/eternalterminal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

900348bb8bc96e1c7ba4888ac8480f643c43d3c3

Fixed

900348bb8bc96e1c7ba4888ac8480f643c43d3c3

Affected versions

et-v1.*

et-v1.1.1

et-v2.*

et-v2.0.0

et-v2.0.1

et-v2.0.2

et-v2.1.0

et-v3.*

et-v3.0.0

et-v3.0.1

et-v3.0.2

et-v3.0.4

et-v3.0.5

et-v3.0.6

et-v3.1.0

et-v3.1.1

et-v4.*

et-v4.0.1

et-v4.0.2

et-v4.0.3

et-v4.0.4

et-v4.0.5

et-v4.1.0

et-v4.1.1

et-v4.1.2

et-v4.2.0

et-v4.2.1

et-v5.*

et-v5.0.0

et-v5.0.1

et-v5.0.2

et-v5.0.3

et-v5.0.4

et-v5.0.5

et-v5.0.6

et-v5.0.7

et-v5.1.0

et-v5.1.1

et-v5.1.10

et-v5.1.2

et-v5.1.3

et-v5.1.4

et-v5.1.5

et-v5.1.6

et-v5.1.7

et-v5.1.8

et-v5.1.9

et-v6.*

et-v6.0.1

et-v6.0.2

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0