GHSA-QHHJ-7HRC-GQJ5 Home Assistant vulnerable to account takeover via auth_callback login

🗓️ 26 Oct 2023 21:22:46Reported by GoogleType

osv🔗 osv.dev👁 10 Views

Home Assistant account takeover via auth_callback vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
Cvelist	CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core	19 Oct 202323:27	–	cvelist
OSV	PYSEC-2023-214	20 Oct 202300:15	–	osv
OSV	CVE-2023-41893	20 Oct 202300:15	–	osv
Vulnrichment	CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core	19 Oct 202323:27	–	vulnrichment
Veracode	Broken Authentication	23 Oct 202303:08	–	veracode
CVE	CVE-2023-41893	20 Oct 202300:15	–	cve
Github Security Blog	Home Assistant vulnerable to account takeover via auth_callback login	26 Oct 202321:46	–	github
Github Security Blog	Securing our home labs: Home Assistant code review	30 Nov 202313:52	–	github
Prion	Design/Logic Flaw	20 Oct 202300:15	–	prion
NVD	CVE-2023-41893	20 Oct 202300:15	–	nvd

Source	Link
github	www.github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-41893
github	www.github.com/home-assistant/core
github	www.github.com/pypa/advisory-database/tree/main/vulns/homeassistant/PYSEC-2023-214.yaml
home-assistant	www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Oct 2023 21:46Current

5.3Medium risk

Vulners AI Score5.3

CVSS34.3 - 5.4

EPSS0.00343

SSVC