The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
References
Link | Resource |
---|---|
https://bugs.debian.org/915859 | Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2018-12-07 08:29
Updated : 2019-02-05 11:59
NVD link : CVE-2018-19960
Mitre link : CVE-2018-19960
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
onionshare
- onionshare