4 matches found
CVE-2023-41894
Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the .ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the...
CVE-2023-41894
Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the .ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the...
CVE-2023-41894
CVE-2023-41894 affects Home Assistant Core. The webhook component can be triggered via the *.ui.nabu.casa URL without authentication, due to SniTun forwarding from public URL to localhost (127.0.0.1). This enables local-webhook exposure despite “Only accessible from the local network” setting. Im...
CVE-2023-41894 Local-only webhooks externally accessible via SniTun in Home Assistant Core
Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the .ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the...