Directory Traversal Vulnerability in Home Assistant by Home Assistant
CVE-2021-3152

5.3MEDIUM

Key Information:

Vendor

Home-assistant

Status
Home-assistant
Vendor
CVE Published:
26 January 2021

What is CVE-2021-3152?

Home Assistant versions prior to 2021.1.3 are susceptible to directory traversal attacks due to the absence of protective measures against these vulnerabilities in custom integrations. While the vendor contends that the issue resides within third-party custom integrations, Home Assistant has released a security update aimed at mitigating these risks. Users are strongly advised to update to the latest version to enhance their security posture against potential exploitation.

References

https://www.home-assistant.io/blog/2021/01/14/security-bu...
x_refsource_CONFIRM
https://www.home-assistant.io/blog/2021/01/22/security-di...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.