Lucene search

Veracode Vulnerability DatabaseVERACODE:46692

HistoryApr 30, 2024 - 8:10 a.m.

Sensitive Information Disclosure

2024-04-3008:10:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

home assistant

sensitive information disclosure

vulnerability

unauthenticated access

error log

components/api.py

software

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

JSON

Home Assistant is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an unauthenticated attacker being able to read the application’s error log via components/api.py.

CPENameOperatorVersion
homeassistantle0.66.0
homeassistantle0.66.0

CPE	Name	Operator	Version
	homeassistant	le	0.66.0
	homeassistant	le	0.66.0

References

github.com/advisories/GHSA-mh78-8f49-vjg3

github.com/home-assistant/core/commit/598f093bf0fecdefaa3d95d1ddae71317a05321e

github.com/home-assistant/core/pull/13836

github.com/home-assistant/core/releases/tag/0.67.0

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

JSON

Related for VERACODE:46692