
CVE-2022-21692: Improper Access Control in Onionshare

CVSS Score: 4.3 (CVSS 3.1)

Basic Information

EPSS Score: 0.35564%
Published: 1/21/2022
Updated: 10/7/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| onionshare-cli | pip | >= 2.3, < 2.5 | 2.5 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from two server-side functions that lack proper session authentication: 1) The 'text' handler trusts client-provided session names without validation, allowing message spoofing. 2) 'update_username' permits username changes to existing names without verifying the user's right to do so. Both functions in chat_mode.py handle critical authentication-sensitive operations without checking if the user has completed proper session initialization (via the 'joined' event), making them vulnerable to manipulation by clients that bypass the normal connection workflow.
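The two missing checks described above can be captured as a regression test. The following is an added example, not OnionShare's code: `ChatServer`, its method names, the connection ids and the replayed events are all constructed for illustration, and the `enforce_checks` branch shows one way to bind identity to server-side session state.

```python
# Added illustration: a simplified model of the handlers, not chat_mode.py itself.
class ChatServer:
    """Chat room keeping per-connection state on the server side."""

    def __init__(self, enforce_checks):
        self.enforce_checks = enforce_checks
        self.sessions = {}  # connection id -> name recorded by the server
        self.log = []       # (displayed sender, message) as peers see it

    def on_joined(self, sid, name):
        # Session initialization: the server records the name for this connection.
        self.sessions[sid] = name

    def on_text(self, sid, payload):
        if self.enforce_checks:
            if sid not in self.sessions:
                return False             # never completed 'joined'
            sender = self.sessions[sid]  # identity from server state only
        else:
            sender = payload.get("name", "")  # weak: trusts the client's name
        self.log.append((sender, payload["msg"]))
        return True

    def on_update_username(self, sid, new_name):
        if self.enforce_checks:
            if sid not in self.sessions:
                return False             # never completed 'joined'
            if new_name in self.sessions.values():
                return False             # name already held by a connection
        self.sessions[sid] = new_name
        return True


def replay(enforce_checks):
    """Replay constructed events; return (peer-visible log, handler results)."""
    srv = ChatServer(enforce_checks)
    srv.on_joined("conn-a", "alice")
    srv.on_joined("conn-b", "bob")
    results = [
        # conn-x never sent 'joined' and claims a name in the payload
        srv.on_text("conn-x", {"name": "alice", "msg": "hello"}),
        # conn-b asks for a name that conn-a already holds
        srv.on_update_username("conn-b", "alice"),
        srv.on_text("conn-b", {"name": "alice", "msg": "hi"}),
    ]
    return srv.log, results
```

With the checks off, both messages are displayed as coming from "alice"; with them on, the only message delivered is attributed to "bob".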
