Upstream information

CVE-2021-41867 at MITRE

Description

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 1191311 [IN_PROGRESS]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • python-onionshare >= 2.4-1.1
Patchnames:
openSUSE Tumbleweed GA python-onionshare-2.4-1.1