Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-41898
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-19 Oct, 2023 | 23:15
Updated At-26 Oct, 2023 | 16:08

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.6HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
home-assistant
home-assistant
>>home_assistant_companion>>Versions before 2023.9.2(exclusive)
cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE-345Secondarysecurity-advisories@github.com
CWE-94Secondarysecurity-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rgsecurity-advisories@github.com
Vendor Advisory
Change History
0Changes found
Details not found