Hi, I logged onto my Transmission GUI today and found two torrents I do not know and have not added. I'm not the only user to report this, but information is scarce.
These are the two torrents that were added:
Code: Select all
[LockBlock] Xian Wang de Richang Shenghuo 1-15 VOSFTR [WEBRip][720p][X264]
[LockBlock] Xian Wang de Richang Shenghuo - The Daily Life of the Immortal King S2 1-12 VOSTFR [WEBRip][720p][X264]
My setup is Transmission v3.00 in a Docker container on a virtualized Ubuntu server. My GUI was open to the public internet, but uses a unique username/password combination. So while stuffed credentials were my first obvious guess, this isn't possible. Nothing seems to have been altered to my server/container other than these two torrents being added.
My best guess is that there's a zeroday vulnerability in Transmission v3.00. Is there a log I can share for examination?
User on different platform with similar report:
https://community.synology.com/enu/foru ... ply=470509