An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the –chat feature.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Onionshare | Onionshare | 2.3 (including) | 2.4 (excluding) |
Onionshare | Ubuntu | bionic | * |
Onionshare | Ubuntu | hirsute | * |
Onionshare | Ubuntu | impish | * |
Onionshare | Ubuntu | lunar | * |
Onionshare | Ubuntu | trusty | * |
Onionshare | Ubuntu | upstream | * |
Onionshare | Ubuntu | xenial | * |