CVE-2021-41867 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.
Group Package Affected Fixed Severity Status Ticket
AVG-2437 onionshare 2.2-5 Medium Not affected
References
https://www.ihteam.net/advisory/onionshare/
https://github.com/onionshare/onionshare/issues/1397
https://github.com/onionshare/onionshare/pull/1404