{"id":"CVE-2023-23558","details":"In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.","modified":"2026-04-10T04:55:36.961798Z","published":"2023-02-16T16:15:12.463Z","references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1207126"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2023/02/16/1"},{"type":"PACKAGE","url":"https://github.com/MisterTea/EternalTerminal"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mistertea/eternalterminal","events":[{"introduced":"0"},{"last_affected":"63b2adc0e7c1b1d00d36d40c8573005643c16160"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.2.1"}]}}],"versions":["et-v1.1.1","et-v2.0.0","et-v2.0.1","et-v2.0.2","et-v2.1.0","et-v3.0.0","et-v3.0.1","et-v3.0.2","et-v3.0.4","et-v3.0.5","et-v3.0.6","et-v3.1.0","et-v3.1.1","et-v4.0.1","et-v4.0.2","et-v4.0.3","et-v4.0.4","et-v4.0.5","et-v4.1.0","et-v4.1.1","et-v4.1.2","et-v4.2.0","et-v4.2.1","et-v5.0.0","et-v5.0.1","et-v5.0.2","et-v5.0.3","et-v5.0.4","et-v5.0.5","et-v5.0.6","et-v5.0.7","et-v5.1.0","et-v6.0.1","et-v6.0.2","et-v6.1.11","et-v6.2.0","et-v6.2.1","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23558.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}