Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sonarr Authentication Bypass vulnerability
Vulnerability Description
Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: `Disabled for Local Addresses`) without a reverse proxy running in front of Sonarr that didn't not pass through the invalid header. Patches are available in version 4.0.16.2942 in the nightly/develop branch and version 4.0.16.2944 for stable/main releases. Some workarounds are available. Make sure Sonarr's Authentication Required setting is set to `Enabled`, run Sonarr behind a reverse proxy, and/or do not expose Sonarr directly to the internet and instead rely on accessing it through a VPN, Tailscale or a similar solution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Sonarr 安全漏洞
Vulnerability Description
Sonarr是Sonarr公司的一款可帮助查找、下载和组织电视节目的软件。 Sonarr 4.0.16.2942之前版本存在安全漏洞,该漏洞源于身份验证绕过问题,可能影响为本地地址禁用身份验证的用户。
CVSS Information
N/A
Vulnerability Type
N/A