CVE-2021-41867 - An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated a

CVE-2021-41867

Summary

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

References

https://github.com/onionshare/onionshare/compare/v2.3.3...v2.4
https://www.ihteam.net/advisory/onionshare/

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

04-10-2021 - 14:41

Published

04-10-2021 - 14:15

Last modified

04-10-2021 - 14:41