CVE-2018-21019 – homeassistant

Package

Manager: pip
Name: homeassistant
Vulnerable Version: >=0 <0.67.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01121 pctl0.7742

Details

Home Assistant information disclosure vulnerability Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

Metadata

Created: 2022-05-24T16:56:39Z
Modified: 2024-09-20T21:20:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mh78-8f49-vjg3/GHSA-mh78-8f49-vjg3.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-mh78-8f49-vjg3
Finding: F038
Auto approve: 1