Auto-merge PR#4114

2025-08-04 08:44:25 +00:00 · 2022-01-18 17:04:07 -05:00 · 2022-01-18 17:04:07 -05:00 · 513a9de15c
commit 513a9de15c
parent c8d1fe0128 0db5ae311a
1 changed files with 76 additions and 6 deletions
--- a/2022/21xxx/CVE-2022-21691.json
+++ b/2022/21xxx/CVE-2022-21691.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-21691",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Improper Access Control in Onionshare"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "onionshare",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 2.5"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "onionshare"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 4.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-306: Missing Authentication for Critical Function"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766"
+            },
+            {
+                "name": "https://github.com/onionshare/onionshare/releases/tag/v2.5",
+                "refsource": "MISC",
+                "url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-w9m4-7w72-r766",
+        "discovery": "UNKNOWN"
    }
 }