The debug_mode function in web/web.py in OnionShare through 1.3.1, when –debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-005 Vulnerability type: Improper Input Sanitization Threat level: Low
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-013 Vulnerability type: Improper Hardening Threat level: Low
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-014 Vulnerability type: Out-of-bounds Read Threat level: Elevated
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-001 Vulnerability type: Improper Input Sanitization Threat level: Elevated
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-006 Vulnerability type: Broken Website Hardening Control Threat level: Low
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-004 Vulnerability type: Improper Access Control Threat level: Moderate
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-009 Vulnerability type: Improper Access Control Threat level: Low
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-003 Vulnerability type: Improper Access Control Threat level: Moderate
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. Vulnerability ID: OTF-012 Vulnerability type: Denial of Service Threat level: Moderate
OnionShare allows remote unauthenticated attackers to upload files on a non-public node when using the –receive functionality.
An information disclosure vulnerability in OnionShare allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the –chat feature.