{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T22:20:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/issues/1389"}], "source": {"advisory": "GHSA-h29c-wcm8-883h", "discovery": "UNKNOWN"}, "title": "OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21694", "STATE": "PUBLIC", "TITLE": "OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"name": "https://github.com/onionshare/onionshare/issues/1389", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/issues/1389"}]}, "source": {"advisory": "GHSA-h29c-wcm8-883h", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/issues/1389"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:11:52.064770Z", "id": "CVE-2022-21694", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:10:18.217Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21694", "datePublished": "2022-01-18T22:20:10.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-23T19:10:18.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T22:20:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/issues/1389"}], "source": {"advisory": "GHSA-h29c-wcm8-883h", "discovery": "UNKNOWN"}, "title": "OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21694", "STATE": "PUBLIC", "TITLE": "OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"name": "https://github.com/onionshare/onionshare/issues/1389", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/issues/1389"}]}, "source": {"advisory": "GHSA-h29c-wcm8-883h", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/issues/1389"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-21694", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:11:52.064770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:11:53.365Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21694", "datePublished": "2022-01-18T22:20:10.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-23T19:10:18.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A7A46B-5812-492A-B66B-DC43A15A0A38", "versionEndExcluding": "2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images."}, {"lang": "es", "value": "OnionShare es una herramienta de c\u00f3digo abierto que permite compartir archivos, alojar sitios web y chatear con amigos de forma segura y an\u00f3nima usando la red Tor. El modo sitio web de onionshare permite usar un CSP endurecido, que bloquear\u00e1 cualquier script y recurso externo. No es posible configurar este CSP para p\u00e1ginas individuales y, por lo tanto, la mejora de seguridad no puede ser usada para sitios web que usen javascript o recursos externos como fuentes o im\u00e1genes"}], "id": "CVE-2022-21694", "lastModified": "2024-11-21T06:45:14.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T23:15:08.783", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/issues/1389"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/issues/1389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}