CVE-2022-21695 - Vulnerability Details - OpenCVE

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Onionshare	Onionshare

Configuration 1 [-]

cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-0186	OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.
Github GHSA	GHSA-99p8-9p2c-49j4	Improper Access Control in Onionshare

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/onionshare/onionshare/releases/tag/v2.5
https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00222}`	epss `{'score': 0.00211}`

Wed, 23 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-01-18T21:55:10.000Z

Updated: 2025-04-23T19:10:47.718Z

Reserved: 2021-11-16T00:00:00.000Z

Link: CVE-2022-21695

Vulnrichment

Updated: 2024-08-03T02:53:34.706Z

NVD

Status : Modified

Published: 2022-01-18T22:15:08.147

Modified: 2024-11-21T06:45:15.057

Link: CVE-2022-21695

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T21:55:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}], "source": {"advisory": "GHSA-99p8-9p2c-49j4", "discovery": "UNKNOWN"}, "title": "Improper Access Control in Onionshare", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21695", "STATE": "PUBLIC", "TITLE": "Improper Access Control in Onionshare"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}]}, "source": {"advisory": "GHSA-99p8-9p2c-49j4", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.706Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:12:00.320972Z", "id": "CVE-2022-21695", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T19:10:47.718Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21695", "datePublished": "2022-01-18T21:55:10.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-23T19:10:47.718Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "onionshare", "vendor": "onionshare", "versions": [{"status": "affected", "version": "< 2.5"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-18T21:55:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}], "source": {"advisory": "GHSA-99p8-9p2c-49j4", "discovery": "UNKNOWN"}, "title": "Improper Access Control in Onionshare", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21695", "STATE": "PUBLIC", "TITLE": "Improper Access Control in Onionshare"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "onionshare", "version": {"version_data": [{"version_value": "< 2.5"}]}}]}, "vendor_name": "onionshare"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/onionshare/onionshare/releases/tag/v2.5", "refsource": "MISC", "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4", "refsource": "CONFIRM", "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}]}, "source": {"advisory": "GHSA-99p8-9p2c-49j4", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.706Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-21695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:12:00.320972Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:12:02.137Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21695", "datePublished": "2022-01-18T21:55:10.000Z", "dateReserved": "2021-11-16T00:00:00.000Z", "dateUpdated": "2025-04-23T19:10:47.718Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A7A46B-5812-492A-B66B-DC43A15A0A38", "versionEndExcluding": "2.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5."}, {"lang": "es", "value": "OnionShare es una herramienta de c\u00f3digo abierto que permite compartir archivos, alojar sitios web y chatear con amigos de forma segura y an\u00f3nima usando la red Tor. En las versiones afectadas los usuarios autenticados (o no autenticados en modo p\u00fablico) pueden enviar mensajes sin ser visibles en la lista de participantes del chat. Este problema ha sido resuelto en la versi\u00f3n 2.5"}], "id": "CVE-2022-21695", "lastModified": "2024-11-21T06:45:15.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T22:15:08.147", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}