CVE-2022-24950 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-24950 Interim 1 6 2025-02-16T03:08:24Z current 2022-08-16T23:37:25Z 2025-02-16T03:08:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-24950 A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OHYD4A5UEJOUE57LY64OW2WI6GAVBOMR/ E-Mail link for openSUSE-SU-2022:10185-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JH3ZAC25EJQ7SSVMLKBZFLS6IEAXTLZ2/ E-Mail link for openSUSE-SU-2022:10187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed EternalTerminal-6.2.1-2.1 EternalTerminal-6.2.1-bp153.2.3.1 EternalTerminal-6.2.1-bp154.2.3.1 EternalTerminal-6.2.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 EternalTerminal-6.2.1-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 EternalTerminal-6.2.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 EternalTerminal-6.2.1-bp154.2.3.1 as a component of openSUSE Leap 15.4 EternalTerminal-6.2.1-2.1 as a component of openSUSE Tumbleweed A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). CVE-2022-24950 SUSE Package Hub 15 SP3:EternalTerminal-6.2.1-bp153.2.3.1 SUSE Package Hub 15 SP4:EternalTerminal-6.2.1-bp154.2.3.1 openSUSE Leap 15.3:EternalTerminal-6.2.1-bp153.2.3.1 openSUSE Leap 15.4:EternalTerminal-6.2.1-bp154.2.3.1 openSUSE Tumbleweed:EternalTerminal-6.2.1-2.1 important 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H