CVE-2022-21690 Information
Jun 07, 2022
cve
Description
OnionShare is an open source tool that lets you securely and anonymously share files host websites and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all components for displaying the server access history. This leads to a rendered HTML4 Subset (QT RichText editor) in the Onionshare frontend.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq https://github.com/onionshare/onionshare/releases/tag/v2.5
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: