{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T16:16:28.775","vulnerabilities":[{"cve":{"id":"CVE-2022-24950","sourceIdentifier":"cve-assign@fb.com","published":"2022-08-16T01:15:12.437","lastModified":"2024-11-21T06:51:26.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId()."},{"lang":"es","value":"Se presenta una condición de carrera en Eternal Terminal versiones anteriores a 6.2.0, que permite a un atacante autenticado secuestrar el socket de autorización SSH de otros usuarios, permitiendo al atacante iniciar sesión en otros sistemas como los usuarios objetivo. El error está en la función UserTerminalRouter::getInfoForId()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"cve-assign@fb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.0","matchCriteriaId":"F81EA524-B9EE-48C8-B8BF-8E53D2AAD574"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/02/16/1","source":"cve-assign@fb.com"},{"url":"https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3","source":"cve-assign@fb.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3","source":"cve-assign@fb.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/16/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}