CVE-2022-21696 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-21696 Interim 1 5 2023-07-24T23:29:57Z current 2022-01-20T02:03:11Z 2023-07-24T23:29:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-21696 OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed python-onionshare-2.5-1.1 python-onionshare-2.5-1.1 as a component of openSUSE Tumbleweed OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username. CVE-2022-21696 openSUSE Tumbleweed:python-onionshare-2.5-1.1 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N