cvedb.io
CVE-2022-24950
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-08-16T01:15:12.437 · Last modified 2026-06-17T04:32:50.720

Summary

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Affected products

eternal_terminal_project — eternal_terminal

Does this affect you?

Add your gear to cvedb and we'll alert you only when eternal_terminal_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.