PatchSiren

OnionShare CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OnionShare CVE published 2017-01-30

CVE-2016-5026

CVE-2016-5026 is a local privilege and access-control issue in OnionShare before 0.9.1. If a local user pre-created the /tmp/onionshare directory, hs.py could be influenced so the hidden service was modified. The practical impact is integrity loss rather than remote compromise, and it is most relevant on multi-user systems where untrusted local users can write to shared temporary locations.
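
The pre-created directory problem described above applies to any program that uses a fixed name under a shared temporary location. The following is an added example, not OnionShare's code or its upstream fix: it shows a defensive check that refuses a working directory the current user did not create privately. The names `claim_private_dir`, `fresh_private_dir`, `UnsafeDirectory` and `demo` are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


class UnsafeDirectory(Exception):
    """The working directory cannot be trusted."""


def claim_private_dir(path):
    """Create `path` as a 0700 directory of ours, or refuse to use it."""
    try:
        os.mkdir(path, 0o700)      # atomic; fails if the name is already taken
    except FileExistsError:
        pass                       # someone got there first: inspect, don't trust
    st = os.lstat(path)            # lstat so a planted symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeDirectory(f"{path}: not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeDirectory(f"{path}: owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise UnsafeDirectory(f"{path}: open to group/other")
    return path


def fresh_private_dir(prefix="onionshare_"):
    """Preferred: unpredictable name, created 0700 by mkdtemp."""
    return tempfile.mkdtemp(prefix=prefix)


def demo():
    """Run the check against constructed cases inside a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as parent:
        cases = {"absent": None, "loose_mode": 0o777, "symlink": "link"}
        for name, setup in cases.items():
            path = os.path.join(parent, name)
            if setup == "link":
                os.symlink(parent, path)   # constructed: entry planted as a symlink
            elif setup is not None:
                os.mkdir(path)
                os.chmod(path, setup)      # constructed: pre-created, world-writable
            try:
                claim_private_dir(path)
                results[name] = "accepted"
            except UnsafeDirectory:
                results[name] = "refused"
    return results
```

The ownership branch cannot be exercised without a second account, so `demo()` covers only the mode and symlink cases. Where a fixed name is not required, `fresh_private_dir()` avoids the problem entirely because the name cannot be predicted in advance.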