CVE-2024-51774 #20
Description
I found and reported CVE-2024-51774 (qBittorrent never verified a single SSL certificate for 14+ years before that) based purely on configuring certmitm and then lazily clicking through all the icons on my taskbar.
Then saw the errors, dug deeper, eventually figured out it was a true positive and then it got issued a CVE - but 90% of the finding in my opinion was down to the availability and reputation of certmitm which led me to finding the bug.
Here's my blog post: https://sharpsec.run/rce-vulnerability-in-qbittorrent/
Here's the Bleeping Computer article: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
Here's the NVD listing: https://nvd.nist.gov/vuln/detail/CVE-2024-51774
What's irritating is that the repo maintainers have done an admirable job of acting like it doesn't matter, called the patch a "bugfix" and have ignored the security advisory I opened, refusing to acknowledge the CVE at all.
