Vulnerabilities > CVE-2020-36517 - Information Exposure Through Discrepancy vulnerability in Home-Assistant 2022.03
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/home-assistant/plugin-dns/issues/6
- https://github.com/home-assistant/plugin-dns/pull/55
- https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572
- https://github.com/home-assistant/plugin-dns/pull/56
- https://github.com/home-assistant/plugin-dns/issues/17
- https://github.com/home-assistant/plugin-dns/pull/59
- https://github.com/home-assistant/plugin-dns/pull/58
- https://github.com/home-assistant/plugin-dns/issues/22
- https://github.com/home-assistant/plugin-dns/issues/54
- https://github.com/home-assistant/plugin-dns/issues/64
- https://github.com/home-assistant/plugin-dns/issues/53
- https://github.com/home-assistant/plugin-dns/issues/20
- https://github.com/home-assistant/plugin-dns/issues/51
- https://github.com/home-assistant/plugin-dns/issues/50
- https://github.com/home-assistant/plugin-dns/issues/70