Vulnerabilities > CVE-2020-36517 - Information Exposure Through Discrepancy vulnerability in Home-Assistant 2022.03

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
home-assistant
CWE-203

Summary

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.

Vulnerable Configurations

Part Description Count
Application
Home-Assistant
1

Common Weakness Enumeration (CWE)

References