Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-30801HistoryOct 10, 2023 - 2:15 p.m.
CVE-2023-30801
2023-10-1014:15:10
Alpine Linux Development Team
security.alpinelinux.org
10
cve-2023-30801 qbittorrent default-credentials web user-interface remote-attacker unix operating-system-commands
0.001 Low
EPSS
Percentile
45.6%
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the “external program” feature in the web user interface. This was reportedly exploited in the wild in March 2023.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | qbittorrent | = 4.5.4-r0 | UNKNOWN |
Related
openvas
openvas
Fedora: Security Advisory for qbittorrent (FEDORA-2023-1bbfc445a2)
2023-12-01 00:00:00
Fedora: Security Advisory for qbittorrent (FEDORA-2023-185f3e8ad7)
2023-12-01 00:00:00
cve
cve
CVE-2023-30801
2023-10-10 14:15:10
nessus
nessus
Fedora 38 : qbittorrent (2023-185f3e8ad7)
2023-11-29 00:00:00
Fedora 39 : qbittorrent (2023-1bbfc445a2)
2023-11-29 00:00:00
redos
redos
ROS-20240505-03
2024-04-05 00:00:00
debiancve
debiancve
CVE-2023-30801
2023-10-10 14:15:10
cvelist
cvelist
CVE-2023-30801 qBittorrent Web UI Default Credentials Lead to RCE
2023-10-10 13:46:46
nvd
nvd
CVE-2023-30801
2023-10-10 14:15:10
prion
prion
Default credentials
2023-10-10 14:15:00
osv
osv
CVE-2023-30801
2023-10-10 14:15:10
fedora
fedora
[SECURITY] Fedora 39 Update: qbittorrent-4.6.1-1.fc39
2023-11-30 03:31:17
[SECURITY] Fedora 38 Update: qbittorrent-4.6.1-1.fc38
2023-11-30 03:35:16
ubuntucve
ubuntucve
CVE-2023-30801
2023-10-10 00:00:00