{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-51774", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-06T16:24:13.957Z", "dateReserved": "2024-11-02T00:00:00", "datePublished": "2024-11-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-02T05:53:08.524586"}, "descriptions": [{"lang": "en", "value": "qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sharpsec.run/rce-vulnerability-in-qbittorrent/"}, {"url": "https://news.ycombinator.com/item?id=42004219"}, {"url": "https://www.qbittorrent.org/news"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "affected": [{"vendor": "qbittorrent", "product": "qbittorrent", "cpes": ["cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.0.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T16:21:03.359796Z", "id": "CVE-2024-51774", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:24:13.957Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-51774", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-06T16:21:03.359796Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*"], "vendor": "qbittorrent", "product": "qbittorrent", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T16:22:51.640Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://sharpsec.run/rce-vulnerability-in-qbittorrent/"}, {"url": "https://news.ycombinator.com/item?id=42004219"}, {"url": "https://www.qbittorrent.org/news"}], "descriptions": [{"lang": "en", "value": "qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-02T05:53:08.524586"}}}, "cveMetadata": {"cveId": "CVE-2024-51774", "state": "PUBLISHED", "dateUpdated": "2024-11-06T16:24:13.957Z", "dateReserved": "2024-11-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-11-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*", "matchCriteriaId": "E299D12D-A468-4935-8DFD-2A6C8C8384DD", "versionEndExcluding": "5.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors."}, {"lang": "es", "value": " qBittorrent anterior a 5.0.1 contin\u00faa utilizando URL https incluso despu\u00e9s de errores de validaci\u00f3n de certificado."}], "id": "CVE-2024-51774", "lastModified": "2024-11-06T17:35:41.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-02T06:15:03.007", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://news.ycombinator.com/item?id=42004219"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://sharpsec.run/rce-vulnerability-in-qbittorrent/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.qbittorrent.org/news"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "qBittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation", "id": "2323332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323332"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-295", "details": ["qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.", "A flaw was found in qBittorrent's DownloadManager component. This vulnerability allows remote code execution via improper validation of SSL/TLS certificates, enabling attackers to perform man-in-the-middle and RCE attacks."], "name": "CVE-2024-51774", "public_date": "2024-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-51774\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-51774\nhttps://news.ycombinator.com/item?id=42004219\nhttps://sharpsec.run/rce-vulnerability-in-qbittorrent/\nhttps://www.qbittorrent.org/news"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Critical"}