qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.
    (CVE-2024-51774)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ab5ad835c1 advisory.

    - Update to 5.0.2 fix rhbz#2326888

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1c74fc369b advisory.

    - Update to 5.0.2 fix rhbz#2326888

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0358-1 advisory.

    - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774)

      Added features:

      * Add 'Simple pread/pwrite' disk IO type

      Bug fixes:

      * Don't ignore SSL errors (boo#1232731 CVE-2024-51774)
      * Don't try to apply Mark-of-the-Web to nonexistent files
      * Disable 'Move to trash' option by default
      * Disable the ability to create torrents with a piece size of         256MiB
      * Allow to choose Qt style
      * Always notify user about duplicate torrent
      * Correctly handle 'torrent finished after move' event
      * Correctly apply filename filter when `!qB` extension is         enabled
      * Improve color scheme change detection
      * Fix button state for SSL certificate check

      Web UI:

      * Fix CSS that results in hidden torrent list in some browsers
      * Use proper text color to highlight items in all filter lists
      * Fix 'rename files' dialog cannot be opened more than once
      * Fix UI of Advanced Settings to show all settings
      * Free resources allocated by web session once it is destructed

      Search:

      * Import correct libraries


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
230321	Linux Distros Unpatched Vulnerability : CVE-2024-51774	Nessus	Misc.	high
211978	Fedora 40 : qbittorrent (2024-ab5ad835c1)	Nessus	Fedora Local Security Checks	high
211894	Fedora 41 : qbittorrent (2024-1c74fc369b)	Nessus	Fedora Local Security Checks	high
210715	openSUSE 15 Security Update : qbittorrent (openSUSE-SU-2024:0358-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2024-51774

high

Tenable Plugins

high

high

high

high