Your submission was sent successfully! Close

CVE-2021-44512

Published: 7 December 2021

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.

Priority

Medium

CVSS 3 base score: 7.0

Status

Package Release Status
tmate-ssh-server
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)