2 matches found
CVE-2023-41893
Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirecturi and clientid are alterable when logging in. Consequently, the code parameter utilized to fetch the accesstoken post-authentication will be sent to the URL specified in the aforementioned...
CVE-2023-41893
CVE-2023-41893 affects Home Assistant Core. The vulnerability arises because the login flow allows altering redirect_uri and client_id, causing the code parameter used to fetch the access_token to be sent to a URL controlled by an attacker. This enables an account-takeover attempt if a victim aut...