11/1/2023 0 Comments Home assistant wunderground![]() The conclusion is that some custom integrations are still vulnerable to a directory traversal attack while not being authenticated with Home Assistant. We verified all fixes made to custom integrations that were found to be vulnerable in the previous security disclosure. We learned that not all custom integrations that implement security patches are sufficient to deflect the problem. It provided more insight on the implementation of the fixes done for the previous security vulnerability. On the morning of Saturday, January 23 2021, the Home Assistant project was informed by security researcher Nathan Brady about a security vulnerability. ![]() If you have used any of the custom integrations with a known vulnerability, we recommend that you update your credentials.Upgrade the custom integrations to a fixed version or remove them from your installation.Home Assistant Core 2021.1.5 added mitigation to prevent the issue from happening. Upgrade Home Assistant as soon as possible.Previously implemented fixes were not sufficient. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |