CVE-2023-23558

MEDIUM Year: 2023
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.

Related Vulnerabilities

CVE-2013-1429

MEDIUM
CVSS:6.3(Medium)

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

CWE-592013

CVE-2020-3237

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance ...

CWE-592020

CVE-2020-7282

MEDIUM
CVSS:6.3(Medium)

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to re...

CWE-592020

CVE-2021-20197

MEDIUM
CVSS:6.3(Medium)

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (pres...

CWE-592021

CVE-2022-38730

MEDIUM
CVSS:6.3(Medium)

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in t...

CWE-592022

CVE-2023-21725

MEDIUM
CVSS:6.3(Medium)

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

CWE-592023