CVE-2022-21693— Path traversal in Onionshare
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-21693
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in Onionshare
Source: NVD (National Vulnerability Database)
Vulnerability Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OnionShare 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OnionShare是一种开源工具。用于安全且匿名地共享文件、托管网站以及使用 Tor 网络与朋友聊天。 OnionShare存在安全漏洞,该漏洞源于OnionShare 是一个开源工具,可让您安全匿名地共享文件、托管网站以及使用 Tor 网络与朋友聊天。在受影响的版本中,具有允许从 Onionshare 进程上下文访问文件系统的原语的对手可以访问整个用户主文件夹中的敏感文件。这可能导致敏感数据泄露。由于隐藏文件夹的自动排除,减少了影响。这可以通过使用 flatpak 版本来缓解。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| onionshare | onionshare | < 2.5 | - |
II. Public POCs for CVE-2022-21693
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-21693
请登录查看更多情报信息。
Same Patch Batch · onionshare · 2022-01-18 · 9 CVEs total
| CVE-2022-21690 | 8.7 HIGH | Cross-Site Scripting in Onionshare |
| CVE-2022-21688 | 7.5 HIGH | Out-of-bounds Read in Onionshare |
| CVE-2022-21689 | 7.5 HIGH | Denial of Service in Onionshare |
| CVE-2022-21691 | 4.3 MEDIUM | Improper Access Control in Onionshare |
| CVE-2022-21692 | 4.3 MEDIUM | Improper Access Control in Onionshare |
| CVE-2022-21695 | 4.3 MEDIUM | Improper Access Control in Onionshare |
| CVE-2022-21696 | 4.3 MEDIUM | Username spoofing in OnionShare |
| CVE-2022-21694 | 3.7 LOW | OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configu |
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2022-21693
No comments yet