An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the –chat feature.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Onionshare | Onionshare | 2.3 (including) | 2.4 (excluding) |