Description
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.
References
https://github.com/onionshare/onionshare/compare/v2.3.3...v2.4
PatchThird Party Advisory
https://www.ihteam.net/advisory/onionshare/
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-04T14:15:07.693
3 years agoLast modified
2021-10-12T18:34:09.450
3 years ago