TeslaMate is an open source project, a self-hosted data logger for Tesla. versions prior to TeslaMate 1.25.1 contain an elevation of privilege vulnerability that stems from Tesla’s use of the default Docker configuration, which allows an attacker to use Grafana login access to obtain a token for Tesla API calls. An attacker could use the vulnerability to open the door of a Tesla vehicle, initiate Keyless Driving, and interfere with vehicle operation while driving.
CPE | Name | Operator | Version |
---|---|---|---|
teslamate teslamate | lt | 1.25.1 |