CVE-2024-44069 Information

Description

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does ot consider the bug a security issue\ but the specific motivation for letting arbitrary persons change the value (Celsius Fahrenheit or Kelvin) seen by the device owner is unclear.

Reference

https://github.com/pi-hole/web/pull/3077 https://www.kiyell.com/The-Harmless-Pihole-Bug/