Vulnerabilities > CVE-2021-41867 - Unspecified vulnerability in Onionshare

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

onionshare

NVD

Published: 2021-10-04

Updated: 2021-10-12

Summary

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

Vulnerable Configurations

Part	Description	Count
Application	Onionshare Onionshare Onionshare 2.3 Onionshare Onionshare 2.3.1 Onionshare Onionshare 2.3.2 Onionshare Onionshare 2.3.3	7

References

https://github.com/onionshare/onionshare/compare/v2.3.3...v2.4
https://www.ihteam.net/advisory/onionshare/