Upstream information
Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all components for displaying the server access history. This leads to a rendered HTML4 Subset (QT RichText editor) in the Onionshare frontend.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 3.5 |
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 5.4 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA python-onionshare-2.5-1.1 openSUSE Tumbleweed GA python3-onionshare-2.6-4.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jan 18 23:00:34 2022CVE page last modified: Wed Jan 31 00:35:04 2024