CVE-2023-23558

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
eternal_terminal_projecteternal_terminal
6.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/02/16/1
https://bugzilla.suse.com/show_bug.cgi?id=1207126
https://github.com/MisterTea/EternalTerminal
http://www.openwall.com/lists/oss-security/2023/02/16/1
https://bugzilla.suse.com/show_bug.cgi?id=1207126
https://github.com/MisterTea/EternalTerminal