Veracode Vulnerability Database: VERACODE:46025
Mar 27, 2024 - 6:29 a.m.

Cross-Site Request Forgery (CSRF)

2024-03-27 06:29:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability validation web_server unauthorized configuration files

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score: 7.1 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

esphome is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to inadequate validation of incoming requests within web_server.py, allowing an attacker to perform unauthorized actions on configuration files (such as creating, editing, or deleting files).

CPE Name | Operator | Version
esphome | le | 2024.3.0b5
esphome | le | 2024.3.0b5
