PT-2022-15047 · Unknown · Onionshare
Micahflee · Published 2022-01-18 · Updated 2024-06-15
CVE-2022-21695 · CVSS v3.1 5.3 Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OnionShare versions prior to 2.5
Description
OnionShare is an open source tool that lets users securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions, authenticated users (or unauthenticated users in public mode) can send messages to the chat without appearing in the list of chat participants, so an adversary with access to the chat environment can post messages while remaining invisible to the other participants.
Recommendations
For OnionShare versions prior to 2.5:
Update to version 2.5 to resolve the issue.
As a temporary workaround, consider implementing proper session handling and allowing chat access only after the join event has been emitted.
Restrict access to the chat environment to minimize the risk of exploitation.
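To make the defect and the recommended workaround concrete, the following added example (constructed here, not OnionShare's own code) models a Socket.IO-style chat handler in both its vulnerable and hardened forms; the event names `joined`, `text` and `update_users`, the session ids and the in-memory room are assumptions of the model.

```python
"""Constructed model of a chat room illustrating CVE-2022-21695 (not
OnionShare code). Vulnerable mode relays 'text' events from any connected
session, even one that never sent 'joined', so the sender is absent from
the participant list; hardened mode ties chat access to the join event."""
from dataclasses import dataclass, field


@dataclass
class ChatRoom:
    require_join: bool                                 # False = vulnerable
    connected: set = field(default_factory=set)        # open sockets (sid)
    participants: dict = field(default_factory=dict)   # sid -> username
    events: list = field(default_factory=list)         # broadcast log

    def on_connect(self, sid: str) -> None:
        # Opening a socket grants no chat identity by itself.
        self.connected.add(sid)

    def on_joined(self, sid: str, username: str) -> None:
        # Only the join event makes a session a visible participant.
        self.participants[sid] = username
        self.events.append(("status", f"{username} has joined."))
        self.events.append(("update_users", self.visible_users()))

    def on_text(self, sid: str, msg: str) -> bool:
        """Relay a chat message; return True if it was broadcast."""
        if sid not in self.connected:
            return False
        if self.require_join and sid not in self.participants:
            # Hardened path: a session that never joined cannot post.
            return False
        # Vulnerable path reaches here for un-joined sessions too: the
        # message is broadcast under a placeholder name while the sender
        # never shows up in any 'update_users' event.
        name = self.participants.get(sid, "<not in participant list>")
        self.events.append(("message", name, msg))
        return True

    def visible_users(self) -> list:
        return sorted(self.participants.values())


def ghost_sender_scenario(require_join: bool) -> tuple:
    """Alice joins properly; a second session connects but never joins
    and then tries to post. Returns (message_accepted, visible_users)."""
    room = ChatRoom(require_join=require_join)
    room.on_connect("sid-alice")
    room.on_joined("sid-alice", "alice")
    room.on_connect("sid-ghost")          # no 'joined' event from this sid
    accepted = room.on_text("sid-ghost", "hello")
    return accepted, room.visible_users()
```

In vulnerable mode the message is accepted although the participant list still shows only `alice`; in hardened mode the same message is rejected.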
Weakness Enumeration
Improper Authentication
Affected Products
Onionshare