CVE-2018-21019

Опубликовано: 23 сент. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

Ссылки

https://github.com/home-assistant/home-assistant/pull/13836
Patch
Third Party Advisory
https://github.com/home-assistant/home-assistant/releases/tag/0.67.0
Third Party Advisory
https://github.com/home-assistant/home-assistant/pull/13836
Patch
Third Party Advisory
https://github.com/home-assistant/home-assistant/releases/tag/0.67.0
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*

Версия до 0.67.0 (исключая)

EPSS

Процентиль: 80%

0.01325

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-mh78-8f49-vjg3