PT-2022-15045 · Unknown · Onionshare

Micahflee

Published

2022-01-18

Updated

2024-06-15

CVE-2022-21693

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OnionShare (affected versions not specified)

Description OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions, an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced.

Recommendations

Reduce read access in Flatpak configuration.
Use the flatpak release to mitigate the issue.
Restrict access to sensitive files in the user home folder until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-21693

GHSA-JGM9-XPFJ-4FQ6

OPENSUSE-SU-2024:11983-1

OPENSUSE-SU-2024:13635-1

PYSEC-2022-44

Affected Products

Onionshare

PT-2022-15045 · Unknown · Onionshare

CVE-2022-21693

Weakness Enumeration

Related Identifiers

Affected Products

References · 29