Home > Vulnerability Database > CVE-2023-41898

Mend.io Vulnerability Database

CVE-2023-41898

Good to know:

Date: October 19, 2023

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.

Language: Python

Severity Score

7.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41898

Url: https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg

Url: https://www.mend.io/vulnerability-database/CVE-2023-41898

Severity Score

7.8

Weakness Type (CWE)

Code Injection

CWE-94

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version homeassistant - 2023.9.2

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41898

Good to know:

Date: October 19, 2023

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?