homeassistant@2023.12.0b5 vulnerabilities

Open-source home automation platform running on Python 3.

Direct Vulnerabilities

Known vulnerabilities in the homeassistant package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure due to an issue with the login page, which discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. This could potentially allow an unauthorized actor to gain knowledge of all user accounts on the system.

Notes:

This applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.

How to fix Information Exposure?

Upgrade homeassistant to version 2023.12.3 or higher.

[,2023.12.3)