CVE-2023-41897

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41897

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41897.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-41897

Related

GHSA-935v-rmg9-44mw
GHSA-cr83-q7r2-7f5q

Published

2023-10-19T22:23:32Z

Modified

2025-11-11T14:54:29.496375Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Lack of XFO header allows clickjacking in Home Assistant Core

Details

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-1021"
    ]
}

References

Affected packages

Git / github.com/home-assistant/core

Affected ranges

Type

GIT

Repo

https://github.com/home-assistant/core

Events

Introduced

Fixed

f70469d6efad265beeae1b2da4f29e73263fe4a7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2023.9.0"
        }
    ]
}

Affected versions

0.*

0.10

0.10.1

0.100.0

0.100.0b0

0.100.0b1

0.100.0b2

0.100.0b3

0.100.1

0.100.2

0.100.3

0.101.0

0.101.0b0

0.101.0b1

0.101.0b2

0.101.0b3

0.101.0b4

0.101.1

0.101.2

0.101.3

0.102.0

0.102.0b0

0.102.0b1

0.102.0b2

0.102.0b3

0.102.1

0.102.2

0.102.3

0.103.0

0.103.0b0

0.103.0b1

0.103.1

0.103.2

0.103.3

0.103.4

0.103.5

0.103.6

0.104.0

0.104.0b0

0.104.0b1

0.104.0b2

0.104.0b3

0.104.0b4

0.104.0b5

0.104.1

0.104.2

0.104.3

0.105.0

0.105.0b0

0.105.0b1

0.105.0b2

0.105.0b3

0.105.0b4

0.105.0b5

0.105.0b6

0.105.0b7

0.105.1

0.105.2

0.105.3

0.105.4

0.105.5

0.106.0

0.106.0b0

0.106.0b1

0.106.0b2

0.106.0b3

0.106.0b4

0.106.0b5

0.106.1

0.106.2

0.106.3

0.106.4

0.106.5

0.106.6

0.107.0

0.107.0b0

0.107.0b1

0.107.0b2

0.107.0b3

0.107.0b4

0.107.0b5

0.107.0b6

0.107.0b7

0.107.0b8

0.107.1

0.107.2

0.107.3

0.107.4

0.107.5

0.107.6

0.107.7

0.108.0

0.108.0b0

0.108.0b1

0.108.0b2

0.108.0b3

0.108.0b4

0.108.0b5

0.108.0b6

0.108.1

0.108.2

0.108.3

0.108.4

0.108.5

0.108.6

0.108.7

0.108.8

0.108.9

0.109.0

0.109.0b0

0.109.0b1

0.109.0b2

0.109.0b3

0.109.0b4

0.109.0b5

0.109.1

0.109.2

0.109.3

0.109.4

0.109.5

0.109.6

0.11

0.11.1

0.110.0

0.110.0b0

0.110.0b1

0.110.0b2

0.110.0b3

0.110.0b4

0.110.0b5

0.110.1

0.110.2

0.110.3

0.110.4

0.110.5

0.110.6

0.110.7

0.111.0

0.111.0b0

0.111.0b1

0.111.0b2

0.111.0b3

0.111.0b4

0.111.0b5

0.111.1

0.111.2

0.111.3

0.111.4

0.112.0

0.112.0b0

0.112.0b1

0.112.0b2

0.112.0b3

0.112.0b4

0.112.1

0.112.2

0.112.3

0.112.4

0.112.5

0.113.0

0.113.0b0

0.113.0b1

0.113.0b2

0.113.0b3

0.113.1

0.113.2

0.113.3

0.114.0

0.114.0b0

0.114.0b1

0.114.0b2

0.114.0b3

0.114.0b4

0.114.1

0.114.2

0.114.3

0.114.4

0.115.0

0.115.0b0

0.115.0b1

0.115.0b10

0.115.0b11

0.115.0b12

0.115.0b2

0.115.0b3

0.115.0b4

0.115.0b5

0.115.0b6

0.115.0b7

0.115.0b8

0.115.0b9

0.115.1

0.115.2

0.115.3

0.115.4

0.115.5

0.115.6

0.116.0

0.116.0b0

0.116.0b1

0.116.0b2

0.116.0b3

0.116.0b4

0.116.0b5

0.116.0b6

0.116.1

0.116.2

0.116.3

0.116.4

0.117.0

0.117.0b0

0.117.0b1

0.117.0b2

0.117.0b3

0.117.0b4

0.117.0b5

0.117.0b6

0.117.1

0.117.2

0.117.3

0.117.4

0.117.5

0.117.6

0.118.0

0.118.0b0

0.118.0b1

0.118.0b2

0.118.0b3

0.118.1

0.118.2

0.118.3

0.118.4

0.118.5

0.12

0.13

0.13.1

0.14

0.14.1

0.14.2

0.15

0.16

0.16.1

0.17

0.17.1

0.17.2

0.17.3

0.18

0.19

0.19.1

0.19.2

0.19.3

0.19.4

0.20

0.20.1

0.20.2

0.20.3

0.21

0.21.1

0.21.2

0.22

0.23

0.23.1

0.24

0.24.1

0.25

0.25.1

0.25.2

0.26

0.26.1

0.26.2

0.26.3

0.27.0

0.27.1

0.27.2

0.28

0.28.1

0.28.2

0.29

0.29.2

0.29.3

0.29.4

0.29.5

0.29.6

0.29.7

0.30

0.30.1

0.30.2

0.31

0.31.1

0.32

0.32.1

0.32.2

0.32.3

0.32.4

0.33

0.33.1

0.33.2

0.33.3

0.33.4

0.34

0.34.1

0.34.2

0.34.3

0.34.4

0.34.5

0.35

0.35.1

0.35.2

0.35.3

0.36

0.36.1

0.37

0.37.1

0.38

0.38.1

0.38.2

0.38.3

0.38.4

0.39

0.39.1

0.39.2

0.39.3

0.40

0.40.1

0.40.2

0.41

0.42

0.42.1

0.42.2

0.42.3

0.42.4

0.43

0.43.1

0.43.2

0.44

0.44.1

0.44.2

0.45

0.45.1

0.46

0.46.1

0.47

0.47.1

0.48

0.48.1

0.49

0.49.1

0.50

0.50.2

0.51

0.51.1

0.51.2

0.52

0.52.1

0.53

0.53.1

0.54

0.55

0.55.1

0.55.2

0.56

0.56.1

0.56.2

0.57

0.57.1

0.57.2

0.57.3

0.58

0.58.1

0.59

0.59.1

0.59.2

0.60

0.60.1

0.61

0.61.1

0.62.0

0.62.1

0.63

0.63.1

0.63.2

0.63.3

0.64.0

0.64.1

0.64.2

0.64.3

0.65.0

0.65.1

0.65.2

0.65.3

0.65.4

0.65.5

0.65.6

0.66.0

0.66.0.b2

0.66.0.beta0

0.66.0.beta1

0.66.0b3

0.66.1

0.66.1b0

0.67.0

0.67.0b0

0.67.0b1

0.67.1

0.68.0

0.68.0b0

0.68.0b1

0.68.0b2

0.68.1

0.69.0

0.69.0b0

0.69.0b1

0.69.0b2

0.69.0b3

0.69.1

0.7

0.7-rc.1

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.70.0

0.70.0b0

0.70.0b1

0.70.0b2

0.70.0b3

0.70.0b4

0.70.0b5

0.70.0b6

0.70.0b7

0.70.1

0.71.0

0.71.0b0

0.71.0b1

0.72.0

0.72.0b0

0.72.0b1

0.72.0b2

0.72.0b4

0.72.0b5

0.72.0b6

0.72.0b7

0.72.0b8

0.72.0b9

0.72.1

0.73.0

0.73.0b0

0.73.0b1

0.73.0b2

0.73.0b3

0.73.0b4

0.73.0b5

0.73.0b6

0.73.1

0.73.2

0.74.0

0.74.0b0

0.74.0b1

0.74.0b2

0.74.0b3

0.74.0b4

0.74.1

0.74.2

0.75.0

0.75.0b0

0.75.0b1

0.75.1

0.75.2

0.75.3

0.76.0

0.76.0b0

0.76.0b1

0.76.0b2

0.76.0b3

0.76.0b4

0.76.0b5

0.76.1

0.76.2

0.77.0

0.77.0b0

0.77.0b1

0.77.0b2

0.77.0b3

0.77.0b4

0.77.1

0.77.2

0.77.3

0.78.0

0.78.0b0

0.78.0b1

0.78.0b2

0.78.0b3

0.78.1

0.78.2

0.78.3

0.79.0

0.79.0b0

0.79.0b1

0.79.0b2

0.79.0b3

0.79.1

0.79.2

0.79.3

0.8

0.80.0

0.80.0b0

0.80.0b1

0.80.0b3

0.80.0b4

0.80.0b5

0.80.1

0.80.2

0.80.3

0.81.0

0.81.0b0

0.81.0b1

0.81.0b2

0.81.1

0.81.2

0.81.4

0.81.5

0.81.6

0.82.0

0.82.0b0

0.82.0b1

0.82.0b2

0.82.0b3

0.82.0b4

0.82.1

0.83.0

0.83.0b0

0.83.0b1

0.83.0b3

0.83.1

0.83.2

0.83.3

0.84.0

0.84.0b0

0.84.0b1

0.84.0b2

0.84.0b3

0.84.0b4

0.84.1

0.84.2

0.84.3

0.84.4

0.84.5

0.84.6

0.85.0

0.85.0b0

0.85.0b1

0.85.1

0.86.0

0.86.0b0

0.86.0b1

0.86.0b2

0.86.0b3

0.86.1

0.86.2

0.86.3

0.86.4

0.87.0

0.87.0b0

0.87.0b1

0.87.0b2

0.87.0b3

0.87.0b4

0.87.0b5

0.87.0b6

0.87.1

0.88.0

0.88.0b0

0.88.0b1

0.88.0b2

0.88.0b3

0.88.0b4

0.88.1

0.88.2

0.89.0

0.89.0b0

0.89.0b1

0.89.0b2

0.89.0b3

0.89.1

0.89.2

0.9

0.9.1

0.90.0

0.90.0b0

0.90.0b1

0.90.0b2

0.90.0b3

0.90.0b4

0.90.0b5

0.90.0b6

0.90.0b7

0.90.1

0.90.2

0.91.0

0.91.0b0

0.91.0b1

0.91.0b2

0.91.0b3

0.91.0b4

0.91.0b5

0.91.1

0.91.2

0.91.3

0.91.4

0.92.0

0.92.0b0

0.92.0b1

0.92.0b2

0.92.0b3

0.92.1

0.92.2

0.93.0

0.93.0b0

0.93.0b1

0.93.0b2

0.93.0b3

0.93.0b4

0.93.1

0.93.2

0.94.0

0.94.0b0

0.94.0b1

0.94.0b2

0.94.0b3

0.94.0b4

0.94.0b5

0.94.0b6

0.94.0b7

0.94.0b8

0.94.1

0.94.2

0.94.3

0.94.4

0.95.0

0.95.0b0

0.95.0b1

0.95.0b2

0.95.0b3

0.95.0b4

0.95.1

0.95.2

0.95.3

0.95.4

0.96.0

0.96.0b0

0.96.0b1

0.96.0b2

0.96.0b3

0.96.0b4

0.96.1

0.96.2

0.96.3

0.96.4

0.96.5

0.97.0

0.97.0b0

0.97.0b1

0.97.0b2

0.97.0b3

0.97.1

0.97.2

0.98.0

0.98.0b0

0.98.0b1

0.98.0b2

0.98.1

0.98.2

0.98.3

0.98.4

0.98.5

0.99.0

0.99.0b0

0.99.0b1

0.99.0b2

0.99.0b3

0.99.0b4

0.99.1

0.99.2

0.99.3

1.*

1.0.0b0

1.0.0b1

1.0.0b2

1.0.0b3

1.0.0b4

1.0.0b5

1.0.0b6

2020.*

2020.12.0

2020.12.1

2020.12.2

2021.*

2021.1.0

2021.1.0b0

2021.1.0b1

2021.1.0b2

2021.1.0b3

2021.1.1

2021.1.2

2021.1.3

2021.1.4

2021.1.5

2021.10.0

2021.10.0b0

2021.10.0b1

2021.10.0b2

2021.10.0b3

2021.10.0b4

2021.10.0b5

2021.10.0b6

2021.10.0b7

2021.10.0b8

2021.10.0b9

2021.10.1

2021.10.2

2021.10.3

2021.10.4

2021.10.5

2021.10.6

2021.10.7

2021.11.0

2021.11.0b0

2021.11.0b1

2021.11.0b2

2021.11.0b3

2021.11.0b4

2021.11.0b5

2021.11.1

2021.11.2

2021.11.3

2021.11.4

2021.11.5

2021.12.0

2021.12.0b0

2021.12.0b1

2021.12.0b2

2021.12.0b3

2021.12.0b4

2021.12.0b5

2021.12.0b6

2021.12.0b7

2021.12.1

2021.12.10

2021.12.2

2021.12.3

2021.12.4

2021.12.5

2021.12.6

2021.12.7

2021.12.8

2021.12.9

2021.2.0

2021.2.0b0

2021.2.0b1

2021.2.0b2

2021.2.0b3

2021.2.0b4

2021.2.0b5

2021.2.1

2021.2.2

2021.2.3

2021.3.0

2021.3.0b0

2021.3.0b1

2021.3.0b2

2021.3.0b3

2021.3.0b4

2021.3.0b5

2021.3.0b6

2021.3.0b7

2021.3.1

2021.3.2

2021.3.3

2021.3.4

2021.4.0

2021.4.0b0

2021.4.0b1

2021.4.0b2

2021.4.0b3

2021.4.0b4

2021.4.0b5

2021.4.0b6

2021.4.1

2021.4.2

2021.4.3

2021.4.4

2021.4.5

2021.4.6

2021.5.0

2021.5.0b0

2021.5.0b1

2021.5.0b2

2021.5.0b3

2021.5.0b4

2021.5.0b5

2021.5.0b6

2021.5.0b7

2021.5.0b8

2021.5.1

2021.5.2

2021.5.3

2021.5.4

2021.5.5

2021.6.0

2021.6.0b0

2021.6.0b1

2021.6.0b2

2021.6.0b3

2021.6.0b4

2021.6.0b5

2021.6.1

2021.6.2

2021.6.3

2021.6.4

2021.6.5

2021.6.6

2021.7.0

2021.7.0b0

2021.7.0b1

2021.7.0b2

2021.7.0b3

2021.7.0b4

2021.7.0b5

2021.7.0b6

2021.7.1

2021.7.2

2021.7.3

2021.7.4

2021.8.0

2021.8.0b0

2021.8.0b1

2021.8.0b10

2021.8.0b2

2021.8.0b3

2021.8.0b4

2021.8.0b5

2021.8.0b6

2021.8.0b7

2021.8.0b8

2021.8.0b9

2021.8.1

2021.8.2

2021.8.3

2021.8.4

2021.8.5

2021.8.6

2021.8.7

2021.8.8

2021.9.0

2021.9.0b0

2021.9.0b1

2021.9.0b2

2021.9.0b3

2021.9.0b4

2021.9.0b5

2021.9.0b6

2021.9.0b7

2021.9.1

2021.9.2

2021.9.3

2021.9.4

2021.9.5

2021.9.6

2021.9.7

2022.*

2022.10.0

2022.10.0b0

2022.10.0b1

2022.10.0b2

2022.10.0b3

2022.10.0b4

2022.10.0b5

2022.10.0b6

2022.10.1

2022.10.2

2022.10.3

2022.10.4

2022.10.5

2022.11.0

2022.11.0b0

2022.11.0b1

2022.11.0b2

2022.11.0b3

2022.11.0b4

2022.11.0b5

2022.11.0b6

2022.11.0b7

2022.11.1

2022.11.2

2022.11.3

2022.11.4

2022.11.5

2022.12.0

2022.12.0b0

2022.12.0b1

2022.12.0b2

2022.12.0b3

2022.12.0b4

2022.12.0b5

2022.12.0b6

2022.12.0b7

2022.12.1

2022.12.2

2022.12.3

2022.12.4

2022.12.5

2022.12.6

2022.12.7

2022.12.8

2022.12.9

2022.2.0

2022.2.0b0

2022.2.0b1

2022.2.0b2

2022.2.0b3

2022.2.0b4

2022.2.0b5

2022.2.0b6

2022.2.1

2022.2.2

2022.2.3

2022.2.4

2022.2.5

2022.2.6

2022.2.7

2022.2.8

2022.2.9

2022.3.0

2022.3.0b0

2022.3.0b1

2022.3.0b2

2022.3.0b3

2022.3.0b4

2022.3.0b5

2022.3.0b6

2022.3.1

2022.3.2

2022.3.3

2022.3.4

2022.3.5

2022.3.6

2022.3.7

2022.3.8

2022.4.0

2022.4.0b0

2022.4.0b1

2022.4.0b2

2022.4.0b3

2022.4.0b4

2022.4.0b5

2022.4.0b6

2022.4.1

2022.4.2

2022.4.3

2022.4.4

2022.4.5

2022.4.6

2022.4.7

2022.5.0

2022.5.0b0

2022.5.0b1

2022.5.0b2

2022.5.0b3

2022.5.0b4

2022.5.0b5

2022.5.0b6

2022.5.0b7

2022.5.1

2022.5.2

2022.5.3

2022.5.4

2022.5.5

2022.6.0

2022.6.0b0

2022.6.0b1

2022.6.0b2

2022.6.0b3

2022.6.0b4

2022.6.0b5

2022.6.0b6

2022.6.0b7

2022.6.1

2022.6.2

2022.6.3

2022.6.4

2022.6.5

2022.6.6

2022.6.7

2022.7.0

2022.7.0b0

2022.7.0b1

2022.7.0b2

2022.7.0b3

2022.7.0b4

2022.7.0b5

2022.7.1

2022.7.2

2022.7.3

2022.7.4

2022.7.5

2022.7.6

2022.7.7

2022.8.0

2022.8.0b0

2022.8.0b1

2022.8.0b2

2022.8.0b3

2022.8.0b4

2022.8.0b5

2022.8.0b6

2022.8.0b7

2022.8.1

2022.8.2

2022.8.3

2022.8.4

2022.8.5

2022.8.6

2022.8.7

2022.9.0

2022.9.0b0

2022.9.0b1

2022.9.0b2

2022.9.0b3

2022.9.0b4

2022.9.0b5

2022.9.0b6

2022.9.1

2022.9.2

2022.9.3

2022.9.4

2022.9.5

2022.9.6

2022.9.7

2023.*

2023.1.0

2023.1.0b0

2023.1.0b1

2023.1.0b2

2023.1.0b3

2023.1.0b4

2023.1.0b5

2023.1.1

2023.1.2

2023.1.3

2023.1.4

2023.1.5

2023.1.6

2023.1.7

2023.2.0

2023.2.0b0

2023.2.0b1

2023.2.0b2

2023.2.0b3

2023.2.0b4

2023.2.0b5

2023.2.0b6

2023.2.0b7

2023.2.0b8

2023.2.0b9

2023.2.1

2023.2.2

2023.2.3

2023.2.4

2023.2.5

2023.3.0

2023.3.0b0

2023.3.0b1

2023.3.0b2

2023.3.0b3

2023.3.0b4

2023.3.0b5

2023.3.0b6

2023.3.0b7

2023.3.1

2023.3.2

2023.3.3

2023.3.4

2023.3.5

2023.3.6

2023.4.0

2023.4.0b0

2023.4.0b1

2023.4.0b2

2023.4.0b3

2023.4.0b4

2023.4.0b5

2023.4.0b6

2023.4.0b7

2023.4.1

2023.4.2

2023.4.3

2023.4.4

2023.4.5

2023.4.6

2023.5.0

2023.5.0b0

2023.5.0b1

2023.5.0b2

2023.5.0b3

2023.5.0b4

2023.5.0b5

2023.5.0b6

2023.5.0b7

2023.5.0b8

2023.5.0b9

2023.5.1

2023.5.2

2023.5.3

2023.5.4

2023.6.0

2023.6.0b0

2023.6.0b1

2023.6.0b2

2023.6.0b3

2023.6.0b4

2023.6.0b5

2023.6.0b6

2023.6.1

2023.6.2

2023.6.3

2023.7.0

2023.7.0b0

2023.7.0b1

2023.7.0b2

2023.7.0b3

2023.7.0b4

2023.7.0b5

2023.7.0b6

2023.7.1

2023.7.2

2023.7.3

2023.8.0

2023.8.0b0

2023.8.0b1

2023.8.0b2

2023.8.0b3

2023.8.0b4

2023.8.1

2023.8.2

2023.8.3

2023.8.4

2023.9.0b0

2023.9.0b1

2023.9.0b2

2023.9.0b3

2023.9.0b4

2023.9.0b5

2023.9.0b6

Other

Last-Python2-release

Git / github.com/home-assistant/home-assistant