Medium severity6.3NVD Advisory· Published Jan 18, 2022· Updated Apr 3, 2026
CVE-2022-21693
CVE-2022-21693
Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | >= 2.3, < 2.5 | 2.5 |
Affected products
4- ghsa-coords3 versionspkg:pypi/onionshare-clipkg:rpm/opensuse/python3-onionshare&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-onionshare&distro=openSUSE%20Tumbleweed
>= 2.3, < 2.5+ 2 more
- (no CPE)range: >= 2.3, < 2.5
- (no CPE)range: < 2.6-4.1
- (no CPE)range: < 2.5-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-jgm9-xpfj-4fq6ghsaADVISORY
- github.com/onionshare/onionshare/releases/tag/v2.5nvdRelease NotesThird Party AdvisoryWEB
- github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-21693ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-44.yamlghsaWEB
News mentions
0No linked articles in our index yet.