CVE-2022-21694
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| onionshare | onionshare | < 2.5 | affected |
Weaknesses
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/onionshare/onionshare/releases/tag/v2.5
- https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
- https://github.com/onionshare/onionshare/issues/1389
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/onionshare/onionshare/releases/tag/v2.5
- https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
- https://github.com/onionshare/onionshare/issues/1389
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.