CVE-2023-41897

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-41897
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41897.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-41897
Related
  • GHSA-935v-rmg9-44mw
  • GHSA-cr83-q7r2-7f5q
Published
2023-10-19T23:15:08Z
Modified
2025-01-08T09:43:58.129205Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

Home Assistant is an open source home automation platform. The Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which tells the browser whether the page may be embedded in a frame. The omission of this and related headers facilitates covert clickjacking attacks and other exploit opportunities, such as the vector described in this security advisory. The fault carries major risk: a user can be tricked, with minimal interaction, into installing an external, malicious add-on, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
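The check a practitioner wants here is whether a given response can be framed at all. The script below is an added example, not Home Assistant code or part of the advisory: it evaluates a response's headers for the two browser-enforced anti-framing controls (X-Frame-Options and the CSP frame-ancestors directive, which overrides X-Frame-Options when both are present) and reports why a page is framable. The two header sets are constructed to stand for an unpatched instance (no security headers at all, as the advisory describes) and a hardened one; no live instance is contacted. The optional fetch_headers helper is for pointing the same check at a real URL.

```python
"""Assess an HTTP response for clickjacking exposure (missing anti-framing headers).

Added example; not Home Assistant code. Sample header sets are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class FramingReport:
    framable: bool                      # True if a third-party page can embed this response
    reasons: list[str] = field(default_factory=list)


def _csp_frame_ancestors(csp: str) -> list[str] | None:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def assess_framing(headers: dict[str, str]) -> FramingReport:
    """Decide whether a response can be framed by an attacker-controlled origin."""
    # Header names are case-insensitive; only one CSP header is modelled here.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    reasons: list[str] = []

    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = _csp_frame_ancestors(csp)
        if ancestors is not None:
            # When frame-ancestors is present, browsers ignore X-Frame-Options.
            open_sources = {"*", "http:", "https:"}
            if ancestors and not (set(ancestors) & open_sources):
                return FramingReport(False, [f"CSP frame-ancestors {' '.join(ancestors)}"])
            reasons.append(f"CSP frame-ancestors is permissive: {' '.join(ancestors) or '(empty)'}")
            return FramingReport(True, reasons)
        reasons.append("Content-Security-Policy set but lacks frame-ancestors")
    else:
        reasons.append("Content-Security-Policy header missing")

    xfo = h.get("x-frame-options")
    if xfo is None:
        reasons.append("X-Frame-Options header missing")
        return FramingReport(True, reasons)
    token = xfo.upper()
    if token in ("DENY", "SAMEORIGIN"):
        return FramingReport(False, [f"X-Frame-Options: {token}"])
    # ALLOW-FROM is obsolete and ignored by current browsers; any other value is invalid.
    reasons.append(f"X-Frame-Options value not enforced by browsers: {xfo}")
    return FramingReport(True, reasons)


def fetch_headers(url: str, timeout: float = 5.0) -> dict[str, str]:
    """Fetch response headers from a live instance (not used by the offline demo)."""
    import urllib.request

    req = urllib.request.Request(url, method="GET")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample: an instance that sets no security headers at all.
VULNERABLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Length": "1024",
}

# Constructed sample: the same page behind anti-framing headers.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "frame-ancestors 'self'",
}

if __name__ == "__main__":
    for label, hdrs in (("vulnerable", VULNERABLE_HEADERS), ("hardened", HARDENED_HEADERS)):
        report = assess_framing(hdrs)
        print(f"{label}: framable={report.framable}; " + "; ".join(report.reasons))
```

Run it against a live instance with `assess_framing(fetch_headers("http://homeassistant.local:8123/"))`; an unpatched server reports both headers missing, which is exactly the precondition the clickjacking vector above depends on.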

References

Affected packages

Git / github.com/home-assistant/home-assistant

Affected ranges

Type
GIT
Repo
https://github.com/home-assistant/home-assistant
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

0.*

0.10
0.10.1
0.100.0
0.100.0b0
0.100.0b1
0.100.0b2
0.100.0b3
0.100.1
0.100.2
0.100.3
0.101.0
0.101.0b0
0.101.0b1
0.101.0b2
0.101.0b3
0.101.0b4
0.101.1
0.101.2
0.101.3
0.102.0
0.102.0b0
0.102.0b1
0.102.0b2
0.102.0b3
0.102.1
0.102.2
0.102.3
0.103.0
0.103.0b0
0.103.0b1
0.103.1
0.103.2
0.103.3
0.103.4
0.103.5
0.103.6
0.104.0
0.104.0b0
0.104.0b1
0.104.0b2
0.104.0b3
0.104.0b4
0.104.0b5
0.104.1
0.104.2
0.104.3
0.105.0
0.105.0b0
0.105.0b1
0.105.0b2
0.105.0b3
0.105.0b4
0.105.0b5
0.105.0b6
0.105.0b7
0.105.1
0.105.2
0.105.3
0.105.4
0.105.5
0.106.0
0.106.0b0
0.106.0b1
0.106.0b2
0.106.0b3
0.106.0b4
0.106.0b5
0.106.1
0.106.2
0.106.3
0.106.4
0.106.5
0.106.6
0.107.0
0.107.0b0
0.107.0b1
0.107.0b2
0.107.0b3
0.107.0b4
0.107.0b5
0.107.0b6
0.107.0b7
0.107.0b8
0.107.1
0.107.2
0.107.3
0.107.4
0.107.5
0.107.6
0.107.7
0.108.0
0.108.0b0
0.108.0b1
0.108.0b2
0.108.0b3
0.108.0b4
0.108.0b5
0.108.0b6
0.108.1
0.108.2
0.108.3
0.108.4
0.108.5
0.108.6
0.108.7
0.108.8
0.108.9
0.109.0
0.109.0b0
0.109.0b1
0.109.0b2
0.109.0b3
0.109.0b4
0.109.0b5
0.109.1
0.109.2
0.109.3
0.109.4
0.109.5
0.109.6
0.11
0.11.1
0.110.0
0.110.0b0
0.110.0b1
0.110.0b2
0.110.0b3
0.110.0b4
0.110.0b5
0.110.1
0.110.2
0.110.3
0.110.4
0.110.5
0.110.6
0.110.7
0.111.0
0.111.0b0
0.111.0b1
0.111.0b2
0.111.0b3
0.111.0b4
0.111.0b5
0.111.1
0.111.2
0.111.3
0.111.4
0.112.0
0.112.0b0
0.112.0b1
0.112.0b2
0.112.0b3
0.112.0b4
0.112.1
0.112.2
0.112.3
0.112.4
0.112.5
0.113.0
0.113.0b0
0.113.0b1
0.113.0b2
0.113.0b3
0.113.1
0.113.2
0.113.3
0.114.0
0.114.0b0
0.114.0b1
0.114.0b2
0.114.0b3
0.114.0b4
0.114.1
0.114.2
0.114.3
0.114.4
0.115.0
0.115.0b0
0.115.0b1
0.115.0b10
0.115.0b11
0.115.0b12
0.115.0b2
0.115.0b3
0.115.0b4
0.115.0b5
0.115.0b6
0.115.0b7
0.115.0b8
0.115.0b9
0.115.1
0.115.2
0.115.3
0.115.4
0.115.5
0.115.6
0.116.0
0.116.0b0
0.116.0b1
0.116.0b2
0.116.0b3
0.116.0b4
0.116.0b5
0.116.0b6
0.116.1
0.116.2
0.116.3
0.116.4
0.117.0
0.117.0b0
0.117.0b1
0.117.0b2
0.117.0b3
0.117.0b4
0.117.0b5
0.117.0b6
0.117.1
0.117.2
0.117.3
0.117.4
0.117.5
0.117.6
0.118.0
0.118.0b0
0.118.0b1
0.118.0b2
0.118.0b3
0.118.1
0.118.2
0.118.3
0.118.4
0.118.5
0.12
0.13
0.13.1
0.14
0.14.1
0.14.2
0.15
0.16
0.16.1
0.17
0.17.1
0.17.2
0.17.3
0.18
0.19
0.19.1
0.19.2
0.19.3
0.19.4
0.20
0.20.1
0.20.2
0.20.3
0.21
0.21.1
0.21.2
0.22
0.23
0.23.1
0.24
0.24.1
0.25
0.25.1
0.25.2
0.26
0.26.1
0.26.2
0.26.3
0.27.0
0.27.1
0.27.2
0.28
0.28.1
0.28.2
0.29
0.29.2
0.29.3
0.29.4
0.29.5
0.29.6
0.29.7
0.30
0.30.1
0.30.2
0.31
0.31.1
0.32
0.32.1
0.32.2
0.32.3
0.32.4
0.33
0.33.1
0.33.2
0.33.3
0.33.4
0.34
0.34.1
0.34.2
0.34.3
0.34.4
0.34.5
0.35
0.35.1
0.35.2
0.35.3
0.36
0.36.1
0.37
0.37.1
0.38
0.38.1
0.38.2
0.38.3
0.38.4
0.39
0.39.1
0.39.2
0.39.3
0.40
0.40.1
0.40.2
0.41
0.42
0.42.1
0.42.2
0.42.3
0.42.4
0.43
0.43.1
0.43.2
0.44
0.44.1
0.44.2
0.45
0.45.1
0.46
0.46.1
0.47
0.47.1
0.48
0.48.1
0.49
0.49.1
0.50
0.50.2
0.51
0.51.1
0.51.2
0.52
0.52.1
0.53
0.53.1
0.54
0.55
0.55.1
0.55.2
0.56
0.56.1
0.56.2
0.57
0.57.1
0.57.2
0.57.3
0.58
0.58.1
0.59
0.59.1
0.59.2
0.60
0.60.1
0.61
0.61.1
0.62.0
0.62.1
0.63
0.63.1
0.63.2
0.63.3
0.64.0
0.64.1
0.64.2
0.64.3
0.65.0
0.65.1
0.65.2
0.65.3
0.65.4
0.65.5
0.65.6
0.66.0
0.66.0.b2
0.66.0.beta0
0.66.0.beta1
0.66.0b3
0.66.1
0.66.1b0
0.67.0
0.67.0b0
0.67.0b1
0.67.1
0.68.0
0.68.0b0
0.68.0b1
0.68.0b2
0.68.1
0.69.0
0.69.0b0
0.69.0b1
0.69.0b2
0.69.0b3
0.69.1
0.7
0.7-rc.1
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.70.0
0.70.0b0
0.70.0b1
0.70.0b2
0.70.0b3
0.70.0b4
0.70.0b5
0.70.0b6
0.70.0b7
0.70.1
0.71.0
0.71.0b0
0.71.0b1
0.72.0
0.72.0b0
0.72.0b1
0.72.0b2
0.72.0b4
0.72.0b5
0.72.0b6
0.72.0b7
0.72.0b8
0.72.0b9
0.72.1
0.73.0
0.73.0b0
0.73.0b1
0.73.0b2
0.73.0b3
0.73.0b4
0.73.0b5
0.73.0b6
0.73.1
0.73.2
0.74.0
0.74.0b0
0.74.0b1
0.74.0b2
0.74.0b3
0.74.0b4
0.74.1
0.74.2
0.75.0
0.75.0b0
0.75.0b1
0.75.1
0.75.2
0.75.3
0.76.0
0.76.0b0
0.76.0b1
0.76.0b2
0.76.0b3
0.76.0b4
0.76.0b5
0.76.1
0.76.2
0.77.0
0.77.0b0
0.77.0b1
0.77.0b2
0.77.0b3
0.77.0b4
0.77.1
0.77.2
0.77.3
0.78.0
0.78.0b0
0.78.0b1
0.78.0b2
0.78.0b3
0.78.1
0.78.2
0.78.3
0.79.0
0.79.0b0
0.79.0b1
0.79.0b2
0.79.0b3
0.79.1
0.79.2
0.79.3
0.8
0.80.0
0.80.0b0
0.80.0b1
0.80.0b3
0.80.0b4
0.80.0b5
0.80.1
0.80.2
0.80.3
0.81.0
0.81.0b0
0.81.0b1
0.81.0b2
0.81.1
0.81.2
0.81.4
0.81.5
0.81.6
0.82.0
0.82.0b0
0.82.0b1
0.82.0b2
0.82.0b3
0.82.0b4
0.82.1
0.83.0
0.83.0b0
0.83.0b1
0.83.0b3
0.83.1
0.83.2
0.83.3
0.84.0
0.84.0b0
0.84.0b1
0.84.0b2
0.84.0b3
0.84.0b4
0.84.1
0.84.2
0.84.3
0.84.4
0.84.5
0.84.6
0.85.0
0.85.0b0
0.85.0b1
0.85.1
0.86.0
0.86.0b0
0.86.0b1
0.86.0b2
0.86.0b3
0.86.1
0.86.2
0.86.3
0.86.4
0.87.0
0.87.0b0
0.87.0b1
0.87.0b2
0.87.0b3
0.87.0b4
0.87.0b5
0.87.0b6
0.87.1
0.88.0
0.88.0b0
0.88.0b1
0.88.0b2
0.88.0b3
0.88.0b4
0.88.1
0.88.2
0.89.0
0.89.0b0
0.89.0b1
0.89.0b2
0.89.0b3
0.89.1
0.89.2
0.9
0.9.1
0.90.0
0.90.0b0
0.90.0b1
0.90.0b2
0.90.0b3
0.90.0b4
0.90.0b5
0.90.0b6
0.90.0b7
0.90.1
0.90.2
0.91.0
0.91.0b0
0.91.0b1
0.91.0b2
0.91.0b3
0.91.0b4
0.91.0b5
0.91.1
0.91.2
0.91.3
0.91.4
0.92.0
0.92.0b0
0.92.0b1
0.92.0b2
0.92.0b3
0.92.1
0.92.2
0.93.0
0.93.0b0
0.93.0b1
0.93.0b2
0.93.0b3
0.93.0b4
0.93.1
0.93.2
0.94.0
0.94.0b0
0.94.0b1
0.94.0b2
0.94.0b3
0.94.0b4
0.94.0b5
0.94.0b6
0.94.0b7
0.94.0b8
0.94.1
0.94.2
0.94.3
0.94.4
0.95.0
0.95.0b0
0.95.0b1
0.95.0b2
0.95.0b3
0.95.0b4
0.95.1
0.95.2
0.95.3
0.95.4
0.96.0
0.96.0b0
0.96.0b1
0.96.0b2
0.96.0b3
0.96.0b4
0.96.1
0.96.2
0.96.3
0.96.4
0.96.5
0.97.0
0.97.0b0
0.97.0b1
0.97.0b2
0.97.0b3
0.97.1
0.97.2
0.98.0
0.98.0b0
0.98.0b1
0.98.0b2
0.98.1
0.98.2
0.98.3
0.98.4
0.98.5
0.99.0
0.99.0b0
0.99.0b1
0.99.0b2
0.99.0b3
0.99.0b4
0.99.1
0.99.2
0.99.3

1.*

1.0.0b0
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6

2020.*

2020.12.0
2020.12.1
2020.12.2

2021.*

2021.1.0
2021.1.0b0
2021.1.0b1
2021.1.0b2
2021.1.0b3
2021.1.1
2021.1.2
2021.1.3
2021.1.4
2021.1.5
2021.10.0
2021.10.0b0
2021.10.0b1
2021.10.0b2
2021.10.0b3
2021.10.0b4
2021.10.0b5
2021.10.0b6
2021.10.0b7
2021.10.0b8
2021.10.0b9
2021.10.1
2021.10.2
2021.10.3
2021.10.4
2021.10.5
2021.10.6
2021.10.7
2021.11.0
2021.11.0b0
2021.11.0b1
2021.11.0b2
2021.11.0b3
2021.11.0b4
2021.11.0b5
2021.11.1
2021.11.2
2021.11.3
2021.11.4
2021.11.5
2021.12.0
2021.12.0b0
2021.12.0b1
2021.12.0b2
2021.12.0b3
2021.12.0b4
2021.12.0b5
2021.12.0b6
2021.12.0b7
2021.12.1
2021.12.10
2021.12.2
2021.12.3
2021.12.4
2021.12.5
2021.12.6
2021.12.7
2021.12.8
2021.12.9
2021.2.0
2021.2.0b0
2021.2.0b1
2021.2.0b2
2021.2.0b3
2021.2.0b4
2021.2.0b5
2021.2.1
2021.2.2
2021.2.3
2021.3.0
2021.3.0b0
2021.3.0b1
2021.3.0b2
2021.3.0b3
2021.3.0b4
2021.3.0b5
2021.3.0b6
2021.3.0b7
2021.3.1
2021.3.2
2021.3.3
2021.3.4
2021.4.0
2021.4.0b0
2021.4.0b1
2021.4.0b2
2021.4.0b3
2021.4.0b4
2021.4.0b5
2021.4.0b6
2021.4.1
2021.4.2
2021.4.3
2021.4.4
2021.4.5
2021.4.6
2021.5.0
2021.5.0b0
2021.5.0b1
2021.5.0b2
2021.5.0b3
2021.5.0b4
2021.5.0b5
2021.5.0b6
2021.5.0b7
2021.5.0b8
2021.5.1
2021.5.2
2021.5.3
2021.5.4
2021.5.5
2021.6.0
2021.6.0b0
2021.6.0b1
2021.6.0b2
2021.6.0b3
2021.6.0b4
2021.6.0b5
2021.6.1
2021.6.2
2021.6.3
2021.6.4
2021.6.5
2021.6.6
2021.7.0
2021.7.0b0
2021.7.0b1
2021.7.0b2
2021.7.0b3
2021.7.0b4
2021.7.0b5
2021.7.0b6
2021.7.1
2021.7.2
2021.7.3
2021.7.4
2021.8.0
2021.8.0b0
2021.8.0b1
2021.8.0b10
2021.8.0b2
2021.8.0b3
2021.8.0b4
2021.8.0b5
2021.8.0b6
2021.8.0b7
2021.8.0b8
2021.8.0b9
2021.8.1
2021.8.2
2021.8.3
2021.8.4
2021.8.5
2021.8.6
2021.8.7
2021.8.8
2021.9.0
2021.9.0b0
2021.9.0b1
2021.9.0b2
2021.9.0b3
2021.9.0b4
2021.9.0b5
2021.9.0b6
2021.9.0b7
2021.9.1
2021.9.2
2021.9.3
2021.9.4
2021.9.5
2021.9.6
2021.9.7

2022.*

2022.10.0
2022.10.0b0
2022.10.0b1
2022.10.0b2
2022.10.0b3
2022.10.0b4
2022.10.0b5
2022.10.0b6
2022.10.1
2022.10.2
2022.10.3
2022.10.4
2022.10.5
2022.11.0
2022.11.0b0
2022.11.0b1
2022.11.0b2
2022.11.0b3
2022.11.0b4
2022.11.0b5
2022.11.0b6
2022.11.0b7
2022.11.1
2022.11.2
2022.11.3
2022.11.4
2022.11.5
2022.12.0
2022.12.0b0
2022.12.0b1
2022.12.0b2
2022.12.0b3
2022.12.0b4
2022.12.0b5
2022.12.0b6
2022.12.0b7
2022.12.1
2022.12.2
2022.12.3
2022.12.4
2022.12.5
2022.12.6
2022.12.7
2022.12.8
2022.12.9
2022.2.0
2022.2.0b0
2022.2.0b1
2022.2.0b2
2022.2.0b3
2022.2.0b4
2022.2.0b5
2022.2.0b6
2022.2.1
2022.2.2
2022.2.3
2022.2.4
2022.2.5
2022.2.6
2022.2.7
2022.2.8
2022.2.9
2022.3.0
2022.3.0b0
2022.3.0b1
2022.3.0b2
2022.3.0b3
2022.3.0b4
2022.3.0b5
2022.3.0b6
2022.3.1
2022.3.2
2022.3.3
2022.3.4
2022.3.5
2022.3.6
2022.3.7
2022.3.8
2022.4.0
2022.4.0b0
2022.4.0b1
2022.4.0b2
2022.4.0b3
2022.4.0b4
2022.4.0b5
2022.4.0b6
2022.4.1
2022.4.2
2022.4.3
2022.4.4
2022.4.5
2022.4.6
2022.4.7
2022.5.0
2022.5.0b0
2022.5.0b1
2022.5.0b2
2022.5.0b3
2022.5.0b4
2022.5.0b5
2022.5.0b6
2022.5.0b7
2022.5.1
2022.5.2
2022.5.3
2022.5.4
2022.5.5
2022.6.0
2022.6.0b0
2022.6.0b1
2022.6.0b2
2022.6.0b3
2022.6.0b4
2022.6.0b5
2022.6.0b6
2022.6.0b7
2022.6.1
2022.6.2
2022.6.3
2022.6.4
2022.6.5
2022.6.6
2022.6.7
2022.7.0
2022.7.0b0
2022.7.0b1
2022.7.0b2
2022.7.0b3
2022.7.0b4
2022.7.0b5
2022.7.1
2022.7.2
2022.7.3
2022.7.4
2022.7.5
2022.7.6
2022.7.7
2022.8.0
2022.8.0b0
2022.8.0b1
2022.8.0b2
2022.8.0b3
2022.8.0b4
2022.8.0b5
2022.8.0b6
2022.8.0b7
2022.8.1
2022.8.2
2022.8.3
2022.8.4
2022.8.5
2022.8.6
2022.8.7
2022.9.0
2022.9.0b0
2022.9.0b1
2022.9.0b2
2022.9.0b3
2022.9.0b4
2022.9.0b5
2022.9.0b6
2022.9.1
2022.9.2
2022.9.3
2022.9.4
2022.9.5
2022.9.6
2022.9.7

2023.*

2023.1.0
2023.1.0b0
2023.1.0b1
2023.1.0b2
2023.1.0b3
2023.1.0b4
2023.1.0b5
2023.1.1
2023.1.2
2023.1.3
2023.1.4
2023.1.5
2023.1.6
2023.1.7
2023.2.0
2023.2.0b0
2023.2.0b1
2023.2.0b2
2023.2.0b3
2023.2.0b4
2023.2.0b5
2023.2.0b6
2023.2.0b7
2023.2.0b8
2023.2.0b9
2023.2.1
2023.2.2
2023.2.3
2023.2.4
2023.2.5
2023.3.0
2023.3.0b0
2023.3.0b1
2023.3.0b2
2023.3.0b3
2023.3.0b4
2023.3.0b5
2023.3.0b6
2023.3.0b7
2023.3.1
2023.3.2
2023.3.3
2023.3.4
2023.3.5
2023.3.6
2023.4.0
2023.4.0b0
2023.4.0b1
2023.4.0b2
2023.4.0b3
2023.4.0b4
2023.4.0b5
2023.4.0b6
2023.4.0b7
2023.4.1
2023.4.2
2023.4.3
2023.4.4
2023.4.5
2023.4.6
2023.5.0
2023.5.0b0
2023.5.0b1
2023.5.0b2
2023.5.0b3
2023.5.0b4
2023.5.0b5
2023.5.0b6
2023.5.0b7
2023.5.0b8
2023.5.0b9
2023.5.1
2023.5.2
2023.5.3
2023.5.4
2023.6.0
2023.6.0b0
2023.6.0b1
2023.6.0b2
2023.6.0b3
2023.6.0b4
2023.6.0b5
2023.6.0b6
2023.6.1
2023.6.2
2023.6.3
2023.7.0
2023.7.0b0
2023.7.0b1
2023.7.0b2
2023.7.0b3
2023.7.0b4
2023.7.0b5
2023.7.0b6
2023.7.1
2023.7.2
2023.7.3
2023.8.0
2023.8.0b0
2023.8.0b1
2023.8.0b2
2023.8.0b3
2023.8.0b4
2023.8.1
2023.8.2
2023.8.3
2023.8.4
2023.9.0b0
2023.9.0b1
2023.9.0b2
2023.9.0b3
2023.9.0b4
2023.9.0b5
2023.9.0b6

Other

Last-Python2-release