CVE-2022-21690

8.7 HIGH

📋 TL;DR

CVE-2022-21690 is a cross-site scripting (XSS) vulnerability in OnionShare where the path parameter is not properly sanitized before being passed to the Qt frontend. This allows attackers to inject malicious scripts that execute in the OnionShare interface when users view server access history. All users running affected versions of OnionShare are vulnerable.

💻 Affected Systems

Products:
  • OnionShare
Versions: before 2.5
Operating Systems: All platforms running OnionShare
Default Config Vulnerable: ⚠️ Yes
Notes: All OnionShare components that display server access history are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could execute arbitrary JavaScript in the OnionShare interface, potentially stealing session data, manipulating the interface, or performing actions on behalf of the user.

🟠 Likely Case: Attackers inject malicious scripts that execute when users view access history, potentially stealing sensitive information or performing unauthorized actions.

🟢 If Mitigated: With proper input sanitization and output encoding, the injected scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities are commonly exploited and weaponization is likely given the public advisory details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5

Vendor Advisory: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq

Restart Required: Yes

Instructions:

  1. Download OnionShare v2.5 or later from the official repository.
  2. Stop any running OnionShare instances.
  3. Install the updated version.
  4. Restart OnionShare services.

🔧 Temporary Workarounds

Disable access history display
Platforms: all

Temporarily disable the server access history feature to prevent exploitation.

Modify OnionShare configuration to disable history logging and display.

🧯 If You Can't Patch

  • Restrict access to OnionShare instances to trusted users only
  • Implement network segmentation to isolate OnionShare instances from critical systems

🔍 How to Verify

Check if Vulnerable:

Check OnionShare version - if it's below 2.5, it's vulnerable.

Check Version:

onionshare --version

Verify Fix Applied:

Verify OnionShare version is 2.5 or higher and test that path parameters are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual path parameters containing script tags or JavaScript in access logs

Network Indicators:

  • HTTP requests with malicious script payloads in URL paths

SIEM Query:

source="onionshare" AND (url="*<script>*" OR url="*javascript:*")
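
The check behind the log indicators and SIEM query above, as an added example (not OnionShare code and not part of the original advisory). It goes beyond the literal wildcard match by percent-decoding the path first, so encoded and double-encoded markup is also flagged, and it shows the output encoding described under "If Mitigated". All function names and sample paths are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Indicators from the page's SIEM query: an HTML tag opener or a javascript: URI.
_MARKUP = re.compile(r"</?[a-z!]|javascript\s*:", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding to unwrap


def decode_path(path: str) -> str:
    """Percent-decode repeatedly so %3C and %253C both surface as '<'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_suspicious_path(path: str) -> bool:
    """True if the decoded path carries an HTML tag or a javascript: URI."""
    return bool(_MARKUP.search(decode_path(path)))


def encode_for_display(path: str) -> str:
    """Output-encode a path so a rich-text widget shows it as literal text."""
    return html.escape(path, quote=True)


# Constructed sample request paths (not taken from real OnionShare logs).
SAMPLE_PATHS = [
    "/download/report.pdf",
    "/<script>x</script>",
    "/%3Cscript%3Ex%3C/script%3E",
    "/%253Cb%253Ebold%253C/b%253E",   # double-encoded markup
    "/files/a%20%3C%20b.txt",         # bare '<' with no tag name: not flagged
]


def scan(paths):
    """Return the request paths that should be flagged for review."""
    return [p for p in paths if is_suspicious_path(p)]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        flag = "FLAG" if is_suspicious_path(p) else "ok"
        print(f"{flag:4}  {encode_for_display(decode_path(p))}")
```
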
