Onionshare
CVE-2016-5026
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
AnalysisAI
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. Affected products include: Onionshare. Version information: before 0.9.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Onionshare
View allOnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_ser
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with frien
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today