Home Assistant Companion Security Vulnerabilities - CVSS Score 9 - 10

CVE-2023-41895

Home Assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches t...

9.6 CVSS

8.2 AI Score

0.002 EPSS

2023-10-19 11:15 PM

CVE-2023-41896

Home Assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected auth_callback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is subsequ...

9 CVSS

8.8 AI Score

0.001 EPSS

2023-10-19 11:15 PM

CVE-2023-41897

Home Assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks an...

9.6 CVSS

9.5 AI Score

0.002 EPSS

2023-10-19 11:15 PM