Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify against the actual situation before relying on it.
Vulnerability Title
ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle
Vulnerability Description
ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured HOMEASSISTANT_TOKEN) is not affected. This vulnerability is fixed in 7.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
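The description above names the primitive (a server-side GET to {ha_url}/api/config with no validation of ha_url, whose success or failure mode leaks to the unauthenticated caller) but not a fix. The following is an added example, not code from the ha-mcp project, showing the two controls a hardened consent handler needs: strict validation of the user-supplied URL (scheme allowlist, no userinfo, and every literal or resolved address must be public), and a single generic error message so the response cannot serve as an oracle. The function names, the `resolver` and `fetch` parameters, and the sample addresses are assumptions made for the example; `93.184.216.34` is used only as a constructed public address.

```python
"""Hardened ha_url handling for an OAuth consent form (added example)."""
import ipaddress
import socket
from typing import Callable, Iterable, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Same text for every failure: rejected URL, DNS error, refused, timeout, non-2xx.
GENERIC_ERROR = "Could not reach the configured Home Assistant instance."

Resolver = Callable[[str], Iterable[str]]


class UnsafeTargetError(ValueError):
    """Raised when a user-supplied ha_url must not be fetched server-side."""


def _default_resolver(host: str) -> list:
    """Real DNS lookup returning every A/AAAA answer (tests inject a fake)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def _is_public(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 scope id
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    # is_global already excludes loopback, link-local, RFC 1918, CGNAT, reserved
    return ip.is_global and not ip.is_multicast


def validate_ha_url(url: str, resolver: Resolver = _default_resolver) -> str:
    """Return a canonical 'scheme://host[:port]' or raise UnsafeTargetError."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lower-cases the scheme
        raise UnsafeTargetError("scheme must be http or https")
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        raise UnsafeTargetError("missing host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeTargetError("userinfo is not allowed")
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeTargetError("invalid port") from exc
    try:
        ipaddress.ip_address(host)
        targets = [host]  # IP literal: check it directly
    except ValueError:
        try:
            targets = list(resolver(host))  # hostname: check every answer
        except OSError as exc:
            raise UnsafeTargetError("host does not resolve") from exc
        if not targets:
            raise UnsafeTargetError("host does not resolve")
    if not all(_is_public(t) for t in targets):
        raise UnsafeTargetError("target is not a public address")
    host_repr = f"[{host}]" if ":" in host else host
    netloc = host_repr if port is None else f"{host_repr}:{port}"
    return f"{parts.scheme}://{netloc}"  # path, query and fragment are dropped


def is_safe_ha_url(url: str, resolver: Resolver = _default_resolver) -> bool:
    """Boolean wrapper around validate_ha_url for callers that only need a verdict."""
    try:
        validate_ha_url(url, resolver)
        return True
    except UnsafeTargetError:
        return False


def consent_check(ha_url: str, fetch: Callable[[str], int],
                  resolver: Resolver = _default_resolver) -> Tuple[bool, str]:
    """Hardened consent step: validate, then GET {base}/api/config via `fetch`
    (assumed to return the HTTP status). Every failure collapses to one message,
    so an attacker learns nothing about which hosts or ports answered."""
    try:
        base = validate_ha_url(ha_url, resolver)
        status = fetch(f"{base}/api/config")
    except (UnsafeTargetError, OSError, ValueError):
        # Detail belongs in a server-side log, never in the response.
        return False, GENERIC_ERROR
    if status // 100 != 2:
        return False, GENERIC_ERROR
    return True, "ok"


if __name__ == "__main__":
    public = lambda host: ["93.184.216.34"]  # constructed resolver answer
    print(validate_ha_url("https://ha.example.org:8123/", resolver=public))
    print(is_safe_ha_url("http://169.254.169.254/latest/meta-data"))
    print(consent_check("http://127.0.0.1:8123", fetch=lambda u: 200))
```

Two caveats a reviewer would raise: the address check happens at validation time, so the HTTP client that performs the fetch must also refuse redirects and ideally connect to the address that was validated (otherwise a DNS answer that changes between lookup and connect, or a redirect to an internal host, reintroduces the primitive); and the uniform error must be applied on every affected path, which per the description includes the REST and WebSocket OAuth tool-call paths as well as the consent form.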
Vulnerability Title
The Unofficial and Awesome Home Assistant MCP Server code issue vulnerability
Vulnerability Description
The Unofficial and Awesome Home Assistant MCP Server is an open-source server from The Unofficial Home Assistant AI Toolkit that connects a smart-home platform to AI assistants. Versions of The Unofficial and Awesome Home Assistant MCP Server prior to 7.0.0 contain a code issue vulnerability: the OAuth consent form does not validate the user-supplied ha_url, which could allow an unauthenticated attacker to perform internal network reconnaissance by observing the resulting error messages.
CVSS Information
N/A
Vulnerability Type
N/A