CVE-2022-21693: Path traversal in Onionshare
6.3
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
onionshare-cli | pip | >= 2.3, < 2.5 | 2.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper filesystem access configurations in Flatpak and Snap packaging files (`snapcraft.yaml` and `org.onionshare.OnionShare.yaml`), not from specific code functions. These configurations granted broad read access to the entire home directory. While the technical description references specific lines in these YAML files, these are declarative permissions configurations rather than executable functions. The advisory does not identify any vulnerable application code functions (e.g., path sanitization routines or file handling implementations) - the core issue lies in packaging security policies. Without access to commit diffs or code changes demonstrating vulnerable functions, we cannot confidently identify specific code functions responsible for the misconfiguration.
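Because the weakness is declarative, it can be caught by linting packaging manifests for sandbox grants that expose the whole home directory. The following is an added example, not code from OnionShare or the advisory: the function names and sample manifests are constructed for illustration, and it assumes the standard Flatpak `--filesystem=` finish-args and the Snap `home` interface rather than reproducing the lines in the files named above.

```python
import re

# Targets/interfaces that expose the whole home directory (or the whole host).
BROAD_FLATPAK = {"home", "host"}
BROAD_SNAP = {"home"}
FLATPAK_FS = re.compile(r"--filesystem=([^\s\"']+)")
SNAP_INLINE = re.compile(r"plugs:\s*\[(.*)\]")

def audit_flatpak(text):
    """Return (line_no, target, mode) for each broad --filesystem grant."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in FLATPAK_FS.finditer(line):
            target, _, mode = m.group(1).partition(":")
            if target in BROAD_FLATPAK:
                # Flatpak treats a grant with no suffix as read-write.
                findings.append((n, target, mode or "rw"))
    return findings

def audit_snap(text):
    """Return (line_no, plug) for each plug that exposes the home directory."""
    findings, in_plugs = [], False
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        inline = SNAP_INLINE.match(s)
        if inline:                       # inline form: plugs: [a, b]
            names, in_plugs = [p.strip() for p in inline.group(1).split(",")], False
        elif s == "plugs:":              # block form: list items follow
            in_plugs = True
            continue
        elif in_plugs and s.startswith("- "):
            names = [s[2:].strip()]
        else:
            in_plugs = False
            continue
        findings += [(n, p) for p in names if p in BROAD_SNAP]
    return findings

# Constructed sample manifests for a hypothetical app (not OnionShare's files).
FLATPAK_SAMPLE = """\
app-id: org.example.App
finish-args:
  - --share=network
  - --filesystem=home:ro
  - --filesystem=xdg-download/example
"""
SNAP_SAMPLE = """\
apps:
  example:
    command: bin/example
    plugs:
      - network
      - home
  example-cli:
    command: bin/example-cli
    plugs: [network, removable-media]
"""

if __name__ == "__main__":
    print(audit_flatpak(FLATPAK_SAMPLE), audit_snap(SNAP_SAMPLE))
```

A narrowly scoped grant such as a single subdirectory passes the check, while a whole-home grant is reported with its line number so it can be reviewed in the packaging change that introduced it.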