PT-2022-15043 · Unknown · Onionshare
Micahflee
·
Published
2022-01-18
·
Updated
2024-06-15
·
CVE-2022-21691
CVSS v4.0 base score 5.3 (Medium)
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OnionShare versions prior to 2.5 (chat mode)
Description
In OnionShare's chat mode a participant can forge their own "left the chat" notice. The other participants see the leave message and assume the person has disconnected, but the underlying session is still open: the participant continues to receive every message sent afterwards and can still post to the room. The only precondition is an existing position in the chat, i.e. anyone who can already reach the room can mount it. No estimate of the number of affected installations is available, and no real-world exploitation of this issue has been reported.
Recommendations
Upgrade to OnionShare 2.5 or later. In general, a chat server should bind each participant's display name to its server-side session and generate join/leave notices itself when a session actually connects or disconnects, never relaying client-supplied status or system messages.
Until the upgrade is applied, treat leave notices as untrusted: a participant who appears to have left may still be present, so do not regard the room as private after a leave message.
Limit who can reach the chat room (share its address only with intended participants) so that only trusted parties hold the position the attack requires.
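The following is an added illustration of the pattern described above; it is not OnionShare's code and does not reproduce the project's actual socket protocol. It models a chat room as an in-memory broker. `RelayingServer` broadcasts any "status" event a client emits, so a participant can post a fake leave notice while remaining connected; `SessionBoundServer` accepts only plain text from clients, takes the sender's name from the session established at connect time, and emits leave notices only from its own `disconnect` handling. Class, method and event names, and the two-user scenario, are assumptions made for the example.

```python
"""Added example (not OnionShare's own code): spoofable vs. server-generated
leave notices in a toy chat broker. Names and event format are assumptions."""

from dataclasses import dataclass, field


@dataclass
class ChatRoom:
    members: dict = field(default_factory=dict)  # session id -> display name
    log: list = field(default_factory=list)      # lines every participant sees


class ChatServer:
    """Common session bookkeeping; subclasses decide what clients may emit."""

    def __init__(self):
        self.room = ChatRoom()

    def connect(self, sid, name):
        self.room.members[sid] = name
        self.room.log.append(("status", f"{name} has joined"))

    def disconnect(self, sid):
        # The only legitimate source of a leave notice: an actual disconnect.
        name = self.room.members.pop(sid)
        self.room.log.append(("status", f"{name} has left"))

    def handle(self, sid, event, payload):
        raise NotImplementedError


class RelayingServer(ChatServer):
    """Vulnerable pattern: a 'status' event from any client is broadcast verbatim."""

    def handle(self, sid, event, payload):
        """Returns True if the event was accepted and broadcast to the room."""
        if sid not in self.room.members:
            return False
        if event == "text":
            self.room.log.append(("text", self.room.members[sid], payload))
            return True
        if event == "status":
            # Bug: the status line is taken from the client, so a participant
            # can announce their own departure while staying connected.
            self.room.log.append(("status", payload))
            return True
        return False


class SessionBoundServer(ChatServer):
    """Hardened pattern: status lines come only from server-side session state."""

    def handle(self, sid, event, payload):
        # Only plain chat text is accepted from clients, and the sender name is
        # the one bound to the session at connect time, never part of payload.
        if sid not in self.room.members or event != "text":
            return False
        self.room.log.append(("text", self.room.members[sid], payload))
        return True


def spoof_attempt(server_cls):
    """Constructed scenario: mallory forges a leave notice, then keeps chatting.

    Returns (spoof_accepted, mallory_still_member, fake_leave_visible, log).
    """
    srv = server_cls()
    srv.connect("s1", "alice")
    srv.connect("s2", "mallory")
    accepted = srv.handle("s2", "status", "mallory has left")
    srv.handle("s1", "text", "is mallory gone?")   # alice believes the room is private
    srv.handle("s2", "text", "still here")         # mallory can still read and post
    return (
        accepted,
        "s2" in srv.room.members,
        ("status", "mallory has left") in srv.room.log,
        srv.room.log,
    )


def real_leave(server_cls):
    """A genuine disconnect: the server itself emits the notice and drops the session."""
    srv = server_cls()
    srv.connect("s1", "alice")
    srv.disconnect("s1")
    return ("status", "alice has left") in srv.room.log and not srv.room.members


if __name__ == "__main__":
    for cls in (RelayingServer, SessionBoundServer):
        accepted, member, visible, log = spoof_attempt(cls)
        print(f"{cls.__name__}: spoof accepted={accepted}, "
              f"still in room={member}, fake leave shown={visible}")
        for line in log:
            print("   ", line)
```

Against `RelayingServer` the forged notice is shown to alice while mallory remains a member and keeps receiving and sending messages; against `SessionBoundServer` the status event is rejected, so the only way a leave line can appear is the server's own `disconnect`, which also removes the session.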
Exploit
Fix
Weakness Enumeration
Missing Authentication
Related Identifiers
CVE-2022-21691
Affected Products
Onionshare