Lucene search
PRIOn knowledge basePRION:CVE-2023-41899HistoryOct 19, 2023 - 11:15 p.m.
Server side request forgery (ssrf)
2023-10-1923:15:00
PRIOn knowledge base
www.prio-n.com
3
server side request forgery
home assistant
vulnerability
supervisor rest api
upgrade
ghsl
nvd
0.001 Low
EPSS
Percentile
19.3%
Home assistant is an open source home automation. In affected versions the hassio.addon_stdin is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-162.
| CPE | Name | Operator | Version |
|---|---|---|---|
| home-assistant | lt | 2023.9.0 |
Related
veracode
veracode
Server Side Request Forgery
2023-10-20 07:53:44
cve
cve
CVE-2023-41899
2023-10-19 23:15:08
cvelist
cvelist
CVE-2023-41899 Partial Server-Side Request Forgery in Home Assistant Core
2023-10-19 22:18:31
nvd
nvd
CVE-2023-41899
2023-10-19 23:15:08
osv
osv
CVE-2023-41899
2023-10-19 23:15:08
CVE-2023-44385
2023-10-19 23:15:08
github
github
Securing our home labs: Home Assistant code review
2023-11-30 13:52:58