CVE-2018-21019

HIGH

Home Assistant < 0.67.0 - Unauthenticated Sensitive Information Exposure via API Error Log

Title source: llm
STIX 2.1

Description

Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/home-assistant/home-assistant/pull/13836

Scores

CVSS v3 7.5
EPSS 0.0168
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
home-assistant/home-assistant < 0.67.0
pypi/homeassistant 0 - 0.67.0PyPI
Published Sep 23, 2019
Tracked Since Feb 18, 2026