cvedb.io
CVE-2021-44512
HIGH · CVSS 7
EPSS exploitation probability: 0%
Published 2021-12-07T03:15:07.160 · Last modified 2026-06-17T04:12:29.570

Summary

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.

Affected products

tmate — tmate-ssh-server

Does this affect you?

Add your gear to cvedb and we'll alert you only when tmate ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.