PT-2022-15046 · Unknown+1 · Onionshare+1
Micahflee · Published 2022-01-18 · Updated 2024-06-15 · CVE-2022-21694
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OnionShare (affected versions not specified)
Description
The website mode of OnionShare allows the use of a hardened Content Security Policy (CSP), which blocks scripts and external resources. However, this CSP cannot be configured for individual pages, making it unusable for websites that require JavaScript or external resources like fonts or images. This issue is considered a general weakness rather than a direct vulnerability, with a low threat level.
Recommendations
- Consider offering a configurable webserver choice
- Consider configurable CSP

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
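One way a configurable CSP could work, as an added example that is not OnionShare's code: a hardened default policy with per-path relaxations, applied by a WSGI middleware. The policy strings, path prefixes and `.example` hosts are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hardened baseline (constructed): no scripts, same-origin resources only.
HARDENED_CSP = {"default-src": ["'self'"], "script-src": ["'none'"],
                "object-src": ["'none'"], "base-uri": ["'none'"]}
# Hypothetical per-path relaxations; the longest matching prefix wins.
OVERRIDES = {
    "/app/": {"script-src": ["'self'"]},
    "/blog/": {"font-src": ["'self'", "https://fonts.example"],
               "img-src": ["'self'", "https://img.example"]},
}
# Sources that would undo the hardening are rejected outright.
FORBIDDEN = {"'unsafe-inline'", "'unsafe-eval'", "*"}

def normalize(path):
    """Decode and collapse dot segments so /app/../x cannot borrow /app/'s policy."""
    clean = posixpath.normpath("/" + unquote(path).lstrip("/"))
    return clean + "/" if path.endswith("/") and clean != "/" else clean

def csp_for(path, overrides=OVERRIDES):
    """Return the CSP header value for a request path."""
    clean = normalize(path)
    policy = {d: list(s) for d, s in HARDENED_CSP.items()}
    matches = [p for p in overrides if clean.startswith(p)]
    if matches:
        policy.update(overrides[max(matches, key=len)])
    for directive, sources in policy.items():
        bad = FORBIDDEN.intersection(sources)
        if bad:
            raise ValueError(f"{directive}: {sorted(bad)} not allowed")
    return "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())

def csp_middleware(app):
    """WSGI wrapper: replace any app-set CSP with the path's configured one."""
    def wrapped(environ, start_response):
        value = csp_for(environ.get("PATH_INFO", "/"))
        def sr(status, headers, exc_info=None):
            kept = [h for h in headers
                    if h[0].lower() != "content-security-policy"]
            kept.append(("Content-Security-Policy", value))
            return start_response(status, kept, exc_info)
        return app(environ, sr)
    return wrapped
```

Paths with no matching prefix, including traversal attempts out of a relaxed prefix, fall back to the hardened default.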
Exploit
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Onionshare