CVE-2024-29019
CVE-2024-29019 affects ESPHome’s dashboard API (version 2023.12.9 and prior) and is due to a CSRF flaw that lets a logged-in user’s session perform operations on configuration files if the victim visits a weaponized page. The issue enables bypassing authentication for API calls that manipulate co...