Home > Vulnerability Database > CVE-2023-44385

Mend.io Vulnerability Database

CVE-2023-44385

Good to know:

Date: October 19, 2023

The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.

Language: Python

Severity Score

8.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-44385

Url: https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp

Url: https://www.mend.io/vulnerability-database/CVE-2023-44385

Severity Score

8.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version homeassistant - 2023.7.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-44385

Good to know:

Date: October 19, 2023

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?