Description
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
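An added example, not OnionShare's own code and not necessarily how the project fixed the issue: one way to write a debug log so that no other local user can pre-create, read or redirect it. The function names and the `onionshare_` prefix are assumptions made for illustration.

```python
import logging
import os
import tempfile


def open_exclusive(path):
    """Create `path` for appending; fail if anything already exists there."""
    # O_CREAT|O_EXCL fails when the name already exists, including when it is
    # a symlink, so a file planted in advance is never opened or followed.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_APPEND
    # O_NOFOLLOW is a second guard on platforms that provide it.
    flags |= getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # 0600: owner read/write only
    return os.fdopen(fd, "a")


def open_private_log(prefix="onionshare_"):
    """Return (path, handler) for a debug log only the current user can reach."""
    # mkdtemp picks an unpredictable name and creates the directory with
    # mode 0700, so other users cannot create or replace entries inside it.
    log_dir = tempfile.mkdtemp(prefix=prefix)
    path = os.path.join(log_dir, "server.log")
    handler = logging.StreamHandler(open_exclusive(path))
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    return path, handler


def enable_debug_logging(logger):
    """Attach a private log file to `logger` and return its path."""
    path, handler = open_private_log()
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    return path


if __name__ == "__main__":
    log = logging.getLogger("debug_demo")  # constructed logger name
    where = enable_debug_logging(log)
    log.debug("debug logging started")
    print("debug log written to", where)
```
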
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| onionshare | fixed | 1.3.2-1 | | package |
| onionshare | no-dsa | | jessie | package |
Notes
https://github.com/micahflee/onionshare/issues/837
Negligible (and disputable) security impact, as the debug mode is not enabled by default
Related vulnerabilities
Withdrawn Advisory: OnionShare Predictable Pathname