5 matches found
Home Assistant HACS - Local File Inclusion
Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...
CVE-2021-3152
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...
Home Assistant < 2021.1.3 Path Traversal Vulnerability
Home Assistant instances using custom integrations are prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[ASA-202101-44] home-assistant: information disclosure
Arch Linux Security Advisory ASA-202101-44 ========================================== Severity: Medium Date : 2021-01-29 CVE-ID : CVE-2021-3152 Package : home-assistant Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1488 Summary ======= The package...
CVE-2021-3152
Summary: CVE-2021-3152 affects Home Assistant before 2021.1.3, describing a directory-traversal risk in custom integrations. The vulnerability is framed as arising from third-party integrations, not Home Assistant itself, though a security update is recommended. Affected product/area: Home Assist...