CVE-2022-24950

Summary

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Affected Software

VendorProductVersion RangeStatus
Jason GauciEternal Terminalunspecified < 6.2.0affected

Weaknesses

  • CWE-362: Race Condition (CWE-362)

ADP Enrichment

CVE Program Container

Additional References

References