Lucene search

Veracode Vulnerability DatabaseVERACODE:44712

HistoryDec 18, 2023 - 7:32 a.m.

Sensitive Information Disclosure

2023-12-1807:32:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

homeassistant vulnerability lan exploitation privacy

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.5%

JSON

homeassistant is vulnerable to Sensitive Information Disclosure. The vulnerability arises due to the login page exposing user accounts to unauthenticated attackers on the LAN. An attacker is able to read application data as a result of exploitation of this vulnerability.

CPENameOperatorVersion
homeassistantle2023.12.2
homeassistantle2023.12.2

CPE	Name	Operator	Version
	homeassistant	le	2023.12.2
	homeassistant	le	2023.12.2

References

github.com/advisories/GHSA-jqpc-rc7g-vf83

github.com/home-assistant/core/commit/dbfc5ea8f96bde6cd165892f5a6a6f9a65731c76

github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for VERACODE:44712