CVE-2022-24950

HIGH

Eternal Terminal < 6.2.0 - Authenticated SSH Authorization Socket Hijack via Race Condition in UserTerminalRouter

Title source: llm
STIX 2.1

Description

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Scores

CVSS v3 7.5
EPSS 0.0101
EPSS Percentile 59.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (1)
eternal_terminal_project/eternal_terminal < 6.2.0
Published Aug 16, 2022
Tracked Since Feb 18, 2026