qbittorrent 4.5.0 and 4.5.1 have a security vulnerability

High
PrivatePuffin published GHSA-jf53-rm2h-g2qf Apr 27, 2023

Package: No package listed
Affected versions: 4.5.0 - 4.5.1
Patched versions: 4.5.2

Package: qbittorrent (Helm/TrueCharts)
Affected versions: <= 15.0.9
Patched versions: 15.0.10

Description

Summary

The qBittorrent version needs to be bumped to 4.5.2 to pick up an important vulnerability fix. Trackers have begun blacklisting the affected versions (4.5.0 and 4.5.1).

Details

Details can be found here:
qbittorrent/qBittorrent#18618

PoC

Repro steps can be found in the GitHub issue linked above.

Impact

Allows read access to arbitrary files on the host via the web-ui.

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs
