CVE-2021-41867

Published: 04/10/2021 Updated: 12/10/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An information disclosure vulnerability in OnionShare 2.3 prior to 2.4 allows remote unauthenticated malicious users to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
onionshare onionshare

Debian Bug report logs - #1014966 onionshare: CVE-2021-41867 CVE-2021-41868 CVE-2022-21688 CVE-2022-21689 CVE-2022-21690 CVE-2022-21691 CVE-2022-21692 CVE-2022-21693 CVE-2022-21694 CVE-2022-21695 CVE-2022-21696 Package: src:onionshare; Maintainer for src:onionshare is Debian Privacy Tools Maintainers <pkg-privacy-maintainers@listsalio ...

An information disclosure vulnerability in OnionShare 23 before 24 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature ...

NVD-CWE-noinfo https://github.com/onionshare/onionshare/compare/v2.3.3...v2.4 https://www.ihteam.net/advisory/onionshare/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014966

CVE-2021-41867

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect