Lucene search

GitHub Advisory DatabaseGHSA-7G47-XXFF-9P85

HistoryNov 19, 2021 - 8:39 p.m.

Remote unauthenticated attackers able to upload files in Onionshare

2021-11-1920:39:44

GitHub Advisory Database

github.com

onionshare

remote attackers

file upload

software vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.7%

JSON

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.

Affected configurations

Vulners

Node

onionshareonionshare-cliRange2.3–2.4

VendorProductVersionCPE
onionshareonionshare-cli*cpe:2.3:a:onionshare:onionshare-cli:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
onionshare	onionshare-cli	*	cpe:2.3:a:onionshare:onionshare-cli::::::::

References

github.com/advisories/GHSA-7g47-xxff-9p85

github.com/onionshare/onionshare/issues/1396

github.com/onionshare/onionshare/pull/1404

nvd.nist.gov/vuln/detail/CVE-2021-41868

www.ihteam.net/advisory/onionshare/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.7%

JSON

Related for GHSA-7G47-XXFF-9P85