Moderate severityNVD Advisory· Published Oct 4, 2021· Updated Aug 4, 2024
CVE-2021-41867
CVE-2021-41867
Description
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | >= 2.3, < 2.4 | 2.4 |
Affected products
4- OnionShare/OnionSharedescription
- ghsa-coords3 versionspkg:pypi/onionshare-clipkg:rpm/opensuse/python3-onionshare&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-onionshare&distro=openSUSE%20Tumbleweed
>= 2.3, < 2.4+ 2 more
- (no CPE)range: >= 2.3, < 2.4
- (no CPE)range: < 2.6-4.1
- (no CPE)range: < 2.4-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6rvj-pw9w-jcvcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41867ghsaADVISORY
- github.com/onionshare/onionshare/compare/v2.3.3...v2.4ghsax_refsource_MISCWEB
- www.ihteam.net/advisory/onionshareghsaWEB
- www.ihteam.net/advisory/onionshare/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.