High severity7.5NVD Advisory· Published Aug 16, 2022· Updated Jun 17, 2026
CVE-2022-24950
CVE-2022-24950
Description
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <6.2.0
- Range: <6.2.0
- osv-coords5 versionspkg:rpm/opensuse/EternalTerminal&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/EternalTerminal&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/EternalTerminal&distro=openSUSE%20Tumbleweedpkg:rpm/suse/EternalTerminal&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/EternalTerminal&distro=SUSE%20Package%20Hub%2015%20SP4
< 6.2.1-bp153.2.3.1+ 4 more
- (no CPE)range: < 6.2.1-bp153.2.3.1
- (no CPE)range: < 6.2.1-bp154.2.3.1
- (no CPE)range: < 6.2.1-2.1
- (no CPE)range: < 6.2.1-bp153.2.3.1
- (no CPE)range: < 6.2.1-bp154.2.3.1
- Jason Gauci/Eternal Terminalv5Range: unspecified
Patches
Vulnerability mechanics
References
3- github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3nvdPatchThird Party Advisory
- github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3nvdExploitThird Party Advisory
- www.openwall.com/lists/oss-security/2023/02/16/1nvd
News mentions
0No linked articles in our index yet.