CVE-2023-23558

Exploit

EPSS 0.06%
Veröffentlicht 16.02.2023 16:15:12
Zuletzt bearbeitet 19.03.2025 16:15:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eternal Terminal Project ≫ Eternal Terminal Version6.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.195

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.3	1	5.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.3	1	5.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.openwall.com/lists/oss-security/2023/02/16/1

Patch

Third Party Advisory

Mailing List

https://bugzilla.suse.com/show_bug.cgi?id=1207126

Third Party Advisory

Exploit

Issue Tracking

https://github.com/MisterTea/EternalTerminal

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-23558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23558

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-23558