CVE-2023-23558

Name of the Vulnerable Software and Affected Versions Eternal Terminal version 6.2.1

Description The issue arises from TelemetryService using fixed paths in /tmp, allowing a local attacker to create a file such as /tmp/.sentry-native-etserver with mode 0777 before the etserver process starts. This enables the attacker to read sensitive information from the file or modify its contents.

Recommendations For Eternal Terminal version 6.2.1, consider restricting access to the /tmp/.sentry-native-etserver file to prevent unauthorized reading or modification of sensitive information until a patch is available. As a temporary workaround, avoid using the TelemetryService or restrict its functionality to minimize the risk of exploitation.