Eternal Terminal
CVE-2023-23558
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
AnalysisAI
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-59. In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. Affected products include: Eternal Terminal Project Eternal Terminal.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Eternal Terminal
View allA race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. Rated high severity (CVSS 7.5), this v
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Termi
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered re
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today