#VU89095 Incorrect default permissions in Eternal Terminal - CVE-2022-48258

Cybersecurity Help s.r.o.

Published: 2024-05-01

Vulnerability identifier: #VU89095

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48258

CWE-ID: CWE-276

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Eternal Terminal
Other software / Other software solutions

Vendor: MisterTea

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for logfiles set by the application. A local user with access to the system can view contents of files and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Eternal Terminal: 1.1.1 - 6.2.3

External links
https://github.com/MisterTea/EternalTerminal/issues/555
https://github.com/MisterTea/EternalTerminal/pull/556
https://www.openwall.com/lists/oss-security/2023/02/16/1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Fedora EPEL 8 update for et

Fedora 38 update for et

Fedora EPEL 9 update for et

Fedora 40 update for et

Fedora 39 update for et

Multiple vulnerabilities in Eternal Terminal