Sonarr Path Traversal Vulnerability Allowing Unauthenticated File Read on Windows
Vulnerability
A path traversal vulnerability has been identified in Sonarr, a PVR application for Usenet and BitTorrent users. This issue affects 4.x versions prior to 4.0.17.2950 and is exclusive to Windows systems. The vulnerability allows an unauthenticated remote attacker to read any file accessible by the Sonarr process. This includes application configuration files containing API keys and database credentials, Windows system files, and any user-accessible files on the same drive. The vulnerability arises because the web server did not restrict the files it returned to the intended directory, so a request could be resolved to a path outside it and sensitive information exposed through the API.
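The flaw described above is a missing containment check: a request path is joined to the web root and served without verifying that the resolved path still lies inside that root. The following is an added example (not Sonarr's code) that contrasts an unchecked join with a hardened resolver using Windows path rules. It uses Python's ntpath module so the Windows semantics (backslash and forward-slash separators, drive letters, UNC prefixes, case-insensitivity) are reproduced on any platform; the web-root path and the request strings are constructed for illustration.

```python
import ntpath
from typing import Optional


def unchecked_join(web_root: str, requested: str) -> str:
    """The weak pattern: join the request onto the web root and trust the result.
    A request containing '..' segments resolves to a path outside web_root."""
    return ntpath.normpath(ntpath.join(web_root, requested))


def resolve_within(web_root: str, requested: str) -> Optional[str]:
    """Hardened form: resolve `requested` against `web_root` with Windows path
    rules and return the result only if it stays inside web_root, else None.
    `web_root` must be an absolute Windows path (e.g. C:\\...), already decoded.
    `requested` is the URL path after percent-decoding by the web framework."""
    # Canonicalise the root once: collapse '.' / '..', unify separators, lowercase.
    root = ntpath.normcase(ntpath.normpath(web_root))

    # Reject anything that names its own root: a drive ('C:...'), a UNC share
    # ('\\\\server\\share'), or a drive-relative absolute path ('\\Windows\\...').
    drive, tail = ntpath.splitdrive(requested)
    if drive or tail.startswith(("\\", "/")):
        return None

    # Join, then canonicalise so '..' segments are resolved BEFORE the check.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, requested)))

    # The containment test: the candidate must be strictly below the root.
    # Comparing with a trailing separator prevents a sibling directory such as
    # 'C:\\app\\ui-backup' from passing for root 'C:\\app\\ui'.
    if candidate.startswith(root + ntpath.sep):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed web root; real installs differ.
    web_root = r"C:\ProgramData\ExampleApp\UI"
    for req in ("Content/app.js", r"..\settings.xml", "Content/../../settings.xml",
                r"C:\Windows\win.ini", "/Windows/win.ini"):
        print(f"{req!r:32} unchecked={unchecked_join(web_root, req)!r:50} "
              f"hardened={resolve_within(web_root, req)!r}")
```

The check works on normalised strings, so the server must open the returned canonical path rather than the raw request. On a live Windows host it should be paired with a filesystem-level check (for example os.path.realpath on the resolved path) so that junctions or symbolic links under the web root cannot point back outside it.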
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including application configuration files with API keys and database credentials, Windows system files, and other user-accessible files on the same drive.
Remediation
Users can upgrade to Sonarr version 4.0.17.2950 in the nightly/develop branch or version 4.0.17.2952 for stable/main releases. Those unable to upgrade should host the application on a secure internal network and reach it via VPN, Tailscale, or a similar solution rather than exposing it directly.