CVE-2018-19960

Published: Dec 7, 2018Modified: Nov 21, 2024

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.

Affected (1)

Products: Onionshare: Onionshare

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Onionshare Onionshare	Up to 1.3.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://bugs.debian.org/915859

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://bugs.debian.org/915859

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.