CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
69.5%
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
Vendor | Product | Version | CPE |
---|---|---|---|
home-assistant | home-assistant | 2022.03 | cpe:2.3:a:home-assistant:home-assistant:2022.03:*:*:*:*:*:*:* |
community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572
github.com/home-assistant/plugin-dns/issues/17
github.com/home-assistant/plugin-dns/issues/20
github.com/home-assistant/plugin-dns/issues/22
github.com/home-assistant/plugin-dns/issues/50
github.com/home-assistant/plugin-dns/issues/51
github.com/home-assistant/plugin-dns/issues/53
github.com/home-assistant/plugin-dns/issues/54
github.com/home-assistant/plugin-dns/issues/6
github.com/home-assistant/plugin-dns/issues/64
github.com/home-assistant/plugin-dns/issues/70
github.com/home-assistant/plugin-dns/pull/55
github.com/home-assistant/plugin-dns/pull/56
github.com/home-assistant/plugin-dns/pull/58
github.com/home-assistant/plugin-dns/pull/59
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
69.5%