CVE-2024-51774

Опубликовано: 02 нояб. 2024

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

A flaw was found in qBittorrent's DownloadManager component. This vulnerability allows remote code execution via improper validation of SSL/TLS certificates, enabling attackers to perform man-in-the-middle and RCE attacks.

Отчет

No Red Hat products are affected by this vulnerability.

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-295

https://bugzilla.redhat.com/show_bug.cgi?id=2323332qBittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation

EPSS

Процентиль: 86%

0.02936

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2024-51774

CVSS3: 8.1

ubuntu

больше 1 года назад

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

CVE-2024-51774

CVSS3: 8.1

nvd

больше 1 года назад

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

CVE-2024-51774

CVSS3: 8.1

debian

больше 1 года назад

qBittorrent before 5.0.1 proceeds with use of https URLs even after ce ...

openSUSE-SU-2024:0358-1

suse-cvrf

около 1 года назад

Security update for qbittorrent

GHSA-hfxc-7rp9-xw9w

CVSS3: 8.1

github

больше 1 года назад

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

EPSS

Процентиль: 86%

0.02936

Низкий

8.1 High

CVSS3