CVE-2023-23558

medium

Description

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
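
A defensive pattern for this class of bug, as an added example (not Eternal Terminal's code or its actual fix): create the directory with mode 0700 and, if the path already exists, accept it only when it is a real directory owned by the current user with no group or other access. The names ensure_private_dir and DirStatus are hypothetical.

```cpp
// Added example: hardened handling of a fixed-path state directory.
// ensure_private_dir and DirStatus are hypothetical names, not ET's API.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum DirStatus {
  DIR_OK = 0,         // created by us, or pre-existing and safe
  DIR_NOT_DIRECTORY,  // symlink, regular file, or other non-directory
  DIR_WRONG_OWNER,    // directory was created by another user
  DIR_LOOSE_MODE,     // group/other permission bits are set (e.g. 0777)
  DIR_ERROR           // unexpected system call failure
};

DirStatus ensure_private_dir(const std::string &path) {
  // mkdir does not follow a symlink in the final component; it fails with
  // EEXIST. umask can only clear bits, so a new directory is at most 0700.
  if (mkdir(path.c_str(), 0700) == 0) return DIR_OK;
  if (errno != EEXIST) return DIR_ERROR;

  // Something was there first. Inspect the entry itself (lstat, not stat)
  // so a planted symlink is seen as a symlink and rejected.
  struct stat st;
  if (lstat(path.c_str(), &st) != 0) return DIR_ERROR;
  if (!S_ISDIR(st.st_mode)) return DIR_NOT_DIRECTORY;
  if (st.st_uid != geteuid()) return DIR_WRONG_OWNER;
  if (st.st_mode & (S_IRWXG | S_IRWXO)) return DIR_LOOSE_MODE;
  return DIR_OK;
}

int main(int argc, char **argv) {
  if (argc != 2) {
    std::fprintf(stderr, "usage: %s <directory>\n", argv[0]);
    return 2;
  }
  DirStatus s = ensure_private_dir(argv[1]);
  std::printf("%s: status %d\n", argv[1], static_cast<int>(s));
  return s == DIR_OK ? 0 : 1;
}
```

A caller should treat any status other than DIR_OK as fatal rather than falling back to the existing path.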

References

https://github.com/MisterTea/EternalTerminal

https://bugzilla.suse.com/show_bug.cgi?id=1207126

http://www.openwall.com/lists/oss-security/2023/02/16/1

Details

Source: Mitre, NVD

Published: 2023-02-16

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00039