The bug report can be found here: https://github.com/qbittorrent/qBittorrent/issues/18618. The bug allows a remote attack to read files and traverse the filesystem.
qBittorent almost immediately released an updated version 4.5.2 which fixes this vulnerability. Seeing that the official TrueNAS Scale app is based on linuxserver/qbittorrent and that docker image has also been updated to 4.5.2 I believe it is urgent to release an update for the official Truenas App too.
TLDR:
Currently turenas scale contains linuxserver/qbittorrent:4.5.1 which needs to be updated to linuxserver/qbittorrent:latest to get the 4.5.2 release and fix the vulnerability.
qBittorent almost immediately released an updated version 4.5.2 which fixes this vulnerability. Seeing that the official TrueNAS Scale app is based on linuxserver/qbittorrent and that docker image has also been updated to 4.5.2 I believe it is urgent to release an update for the official Truenas App too.
TLDR:
Currently turenas scale contains linuxserver/qbittorrent:4.5.1 which needs to be updated to linuxserver/qbittorrent:latest to get the 4.5.2 release and fix the vulnerability.
