CVE-2020-36517 Information

Description

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/home-assistant/plugin-dns/issues/6 https://github.com/home-assistant/plugin-dns/pull/55 https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572 https://github.com/home-assistant/plugin-dns/pull/56 https://github.com/home-assistant/plugin-dns/issues/17 https://github.com/home-assistant/plugin-dns/pull/59 https://github.com/home-assistant/plugin-dns/pull/58 https://github.com/home-assistant/plugin-dns/issues/22 https://github.com/home-assistant/plugin-dns/issues/54 https://github.com/home-assistant/plugin-dns/issues/64 https://github.com/home-assistant/plugin-dns/issues/53 https://github.com/home-assistant/plugin-dns/issues/20 https://github.com/home-assistant/plugin-dns/issues/51 https://github.com/home-assistant/plugin-dns/issues/50 https://github.com/home-assistant/plugin-dns/issues/70

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5