Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:29 a.m.18 views

CVE-2023-41896

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...

9CVSS5.9AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/19 10:30 p.m.63 views

CVE-2023-41896 Fake websocket server installation permits full takeover in Home Assistant Core

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...

7.1CVSS9AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/19 10:30 p.m.13 views

CVE-2023-41896 Fake websocket server installation permits full takeover in Home Assistant Core

Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2023/10/19 10:30 p.m.59 views

CVE-2023-41896

CVE-2023-41896 affects Home Assistant Core and the home-assistant-js-websocket package. Cure53’s audit found that the frontend WebSocket authentication flow can be manipulated via an auth_callback=1 flag and a state parameter containing hassUrl, causing the frontend to connect to an attacker-cont...

9CVSS8AI score0.00271EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder