Vulnerability-Lookup

PYSEC-2022-46

Vulnerability from pysec - Published: 2022-01-18 22:15 - Updated: 2022-03-09 00:16

Details

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.

Impacted products

Name	purl
onionshare-cli	pkg:pypi/onionshare-cli

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "onionshare-cli",
        "purl": "pkg:pypi/onionshare-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.3",
        "2.3.1",
        "2.3.2",
        "2.3.3"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21695",
    "GHSA-99p8-9p2c-49j4"
  ],
  "details": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.",
  "id": "PYSEC-2022-46",
  "modified": "2022-03-09T00:16:43.452903Z",
  "published": "2022-01-18T22:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"
    }
  ]
}

CVE-2022-21695 (GCVE-0-2022-21695)

Vulnerability from cvelistv5 – Published: 2022-01-18 21:55 – Updated: 2025-04-23 19:10

Title

Improper Access Control in Onionshare

Summary

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-287 - Improper Authentication

Assigner

GitHub_M

References

URL

Tags

	https://github.com/onionshare/onionshare/releases…	x_refsource_MISC
	https://github.com/onionshare/onionshare/security…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	onionshare	onionshare	Affected: < 2.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:34.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21695",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:12:00.320972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:10:47.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "onionshare",
          "vendor": "onionshare",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-18T21:55:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"
        }
      ],
      "source": {
        "advisory": "GHSA-99p8-9p2c-49j4",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Access Control in Onionshare",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21695",
          "STATE": "PUBLIC",
          "TITLE": "Improper Access Control in Onionshare"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "onionshare",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "onionshare"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/onionshare/onionshare/releases/tag/v2.5",
              "refsource": "MISC",
              "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
            },
            {
              "name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4",
              "refsource": "CONFIRM",
              "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-99p8-9p2c-49j4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21695",
    "datePublished": "2022-01-18T21:55:10.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:10:47.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-99P8-9P2C-49J4

Vulnerability from github – Published: 2022-01-21 23:20 – Updated: 2024-10-08 12:37

Summary

Improper Access Control in Onionshare

Details

Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test.

Vulnerability ID: OTF-009
Vulnerability type: Improper Access Control
Threat level: Low

Description:

Authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants.

Technical description:

Prerequisites:

Existing chatroom
Access to the chatroom (Public or known Private Key)
Either a modified frontend client or manual requests from burp/curl

If a user opens the chatroom without emitting the join message he will not be present in session.users[x] list. Therefore there is no listing in the frontend and no chat participant knows another party joined the chat. It is still possible to send messages in the chatroom.

If a user decides to abuse OTF-003 (page 22) he can impersonate messages from existing users; others would not be able to distinguish original and faked messages. This is also a prerequisite for OTF-004 (page 19).

Impact:

An adversary with access to the chat environment can send messages to the chat without being visible in the list of chat participants.

Recommendation:

Allow chat access only after emission of the join event.
Implement proper session handling.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "onionshare-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3"
            },
            {
              "fixed": "2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-19T19:40:50Z",
    "nvd_published_at": "2022-01-18T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Between September 26, 2021 and October 8, 2021, [Radically Open Security](https://www.radicallyopensecurity.com/) conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund\u0027s [Red Team lab](https://www.opentech.fund/labs/red-team-lab/). This is an issue from that penetration test.\n\n- Vulnerability ID: OTF-009\n- Vulnerability type: Improper Access Control\n- Threat level: Low\n\n## Description:\n\nAuthenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants.\n\n## Technical description:\n\nPrerequisites:\n\n- Existing chatroom\n- Access to the chatroom (Public or known Private Key)\n- Either a modified frontend client or manual requests from burp/curl\n\nIf a user opens the chatroom without emitting the join message he will not be present in session.users[x] list. Therefore there is no listing in the frontend and no chat participant knows another party joined the chat. It is still possible to send messages in the chatroom.\n\nIf a user decides to abuse OTF-003 (page 22) he can impersonate messages from existing users; others would not be able to distinguish original and faked messages. This is also a prerequisite for OTF-004 (page 19).\n\n## Impact:\n\nAn adversary with access to the chat environment can send messages to the chat without being visible in the list of chat participants.\n\n## Recommendation:\n\n- Allow chat access only after emission of the join event.\n- Implement proper session handling.",
  "id": "GHSA-99p8-9p2c-49j4",
  "modified": "2024-10-08T12:37:35Z",
  "published": "2022-01-21T23:20:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21695"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/onionshare/onionshare"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-46.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Improper Access Control in Onionshare"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

PYSEC-2022-46

CVE-2022-21695 (GCVE-0-2022-21695)

GHSA-99P8-9P2C-49J4

Description:

Technical description:

Impact:

Recommendation:

Tags

Sightings

Nomenclature