CVE-2022-48258

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-48258
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2023/02/16/1
https://github.com/MisterTea/EternalTerminal/issues/555 Patch Third Party Advisory
https://github.com/MisterTea/EternalTerminal/pull/556 Exploit Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2RY6PKBU73I45L6YWNYCUK2XBEXEFX7L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYODHZECXYFC2BNODZPZXZAXOKGMCYAP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6MO4FSKYNSAJVUXYP7LRY7ARUIGKBFL/
Configurations

Configuration 1 (hide)

cpe:2.3:a:eternal_terminal_project:eternal_terminal:6.2.1:*:*:*:*:*:*:*
History

02 May 2024, 03:15

Type Values Removed Values Added
Summary
  • (es) En Eternal Terminal 6.2.1, etserver y etclient tienen archivos de registro legibles en todo el mundo.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2RY6PKBU73I45L6YWNYCUK2XBEXEFX7L/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYODHZECXYFC2BNODZPZXZAXOKGMCYAP/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6MO4FSKYNSAJVUXYP7LRY7ARUIGKBFL/ -

16 Feb 2023, 19:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2023/02/16/1 -

23 Jan 2023, 19:09

Type Values Removed Values Added
CPE cpe:2.3:a:eternal_terminal_project:eternal_terminal:6.2.1:*:*:*:*:*:*:*
First Time Eternal Terminal Project eternal Terminal
Eternal Terminal Project
References (MISC) https://github.com/MisterTea/EternalTerminal/pull/556 - (MISC) https://github.com/MisterTea/EternalTerminal/pull/556 - Exploit, Patch, Third Party Advisory
References (MISC) https://github.com/MisterTea/EternalTerminal/issues/555 - (MISC) https://github.com/MisterTea/EternalTerminal/issues/555 - Patch, Third Party Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

13 Jan 2023, 05:12

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-13 01:15

Updated : 2024-05-02 03:15

NVD link : CVE-2022-48258

Mitre link : CVE-2022-48258

CVE.ORG link : CVE-2022-48258

JSON object : View

Products Affected

eternal_terminal_project

  • eternal_terminal
CWE
NVD-CWE-noinfo