{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T22:10:15.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}], "source": {"advisory": "GHSA-gjj5-998g-v36v", "discovery": "UNKNOWN"}, "title": "Improper Access Control in Onionshare", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21692", "STATE": "PUBLIC", "TITLE": "Improper Access Control in Onionshare"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}]}, "source": {"advisory": "GHSA-gjj5-998g-v36v", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:52:15.078659Z", "id": "CVE-2022-21692", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T18:33:15.871Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21692", "datePublished": "2022-01-18T22:10:15.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-22T18:33:15.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T22:10:15.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}], "source": {"advisory": "GHSA-gjj5-998g-v36v", "discovery": "UNKNOWN"}, "title": "Improper Access Control in Onionshare", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21692", "STATE": "PUBLIC", "TITLE": "Improper Access Control in Onionshare"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}]}, "source": {"advisory": "GHSA-gjj5-998g-v36v", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-21692", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:52:15.078659Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:52:16.871Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21692", "datePublished": "2022-01-18T22:10:15.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-22T18:33:15.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A7A46B-5812-492A-B66B-DC43A15A0A38", "versionEndExcluding": "2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant."}, {"lang": "es", "value": "OnionShare es una herramienta de c\u00f3digo abierto que permite compartir archivos, alojar sitios web y chatear con amigos de forma segura y an\u00f3nima usando la red Tor. En las versiones afectadas, cualquier persona con acceso al entorno de chat puede escribir mensajes disfrazado de otro participante en el chat"}], "id": "CVE-2022-21692", "lastModified": "2024-11-21T06:45:14.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T23:15:08.710", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}