CVE-2023-27482 PoC — Home Assistant 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27482.yaml

Associated Vulnerability

Title:Home Assistant 授权问题漏洞 (CVE-2023-27482)
Description:Home Assistant是一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant Supervisor 2023.01.1之前版本存在授权问题漏洞，该漏洞源于存在身份验证绕过漏洞。

Description

Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.

File Snapshot


 id: CVE-2023-27482

info:
  name: Home Assistant Supervisor - Authentication Bypass
  author: Dhiyan

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!