Vulnerability Details CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572
- https://github.com/home-assistant/plugin-dns/issues/17
- https://github.com/home-assistant/plugin-dns/issues/20
- https://github.com/home-assistant/plugin-dns/issues/22
- https://github.com/home-assistant/plugin-dns/issues/50
- https://github.com/home-assistant/plugin-dns/issues/51
- https://github.com/home-assistant/plugin-dns/issues/53
- https://github.com/home-assistant/plugin-dns/issues/54
- https://github.com/home-assistant/plugin-dns/issues/6
- https://github.com/home-assistant/plugin-dns/issues/64
- https://github.com/home-assistant/plugin-dns/issues/70
- https://github.com/home-assistant/plugin-dns/pull/55
- https://github.com/home-assistant/plugin-dns/pull/56
- https://github.com/home-assistant/plugin-dns/pull/58
- https://github.com/home-assistant/plugin-dns/pull/59
- https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572
- https://github.com/home-assistant/plugin-dns/issues/17
- https://github.com/home-assistant/plugin-dns/issues/20
- https://github.com/home-assistant/plugin-dns/issues/22
- https://github.com/home-assistant/plugin-dns/issues/50
- https://github.com/home-assistant/plugin-dns/issues/51
- https://github.com/home-assistant/plugin-dns/issues/53
- https://github.com/home-assistant/plugin-dns/issues/54
- https://github.com/home-assistant/plugin-dns/issues/6
- https://github.com/home-assistant/plugin-dns/issues/64
- https://github.com/home-assistant/plugin-dns/issues/70
- https://github.com/home-assistant/plugin-dns/pull/55
- https://github.com/home-assistant/plugin-dns/pull/56
- https://github.com/home-assistant/plugin-dns/pull/58
- https://github.com/home-assistant/plugin-dns/pull/59
Products affected by CVE-2020-36517
-
cpe:2.3:a:home-assistant:home-assistant:2022.03