How severe is CVE-2023-41894?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-41894?

This is classified as CWE-669, which is a common weakness in software security.

CVE-2023-41894

MEDIUM Year: 2023

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-669

View all →

Vulnerability Description

Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2020-6862

MEDIUM

CVSS:5.3(Medium)

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

CWE-6692020

CVE-2022-35916

MEDIUM

CVSS:5.3(Medium)

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify di...

CWE-6692022

CVE-2020-15257

MEDIUM

CVSS:5.2(Medium)

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to...

CWE-6692020

CVE-2019-10753

MEDIUM

CVSS:5.9(Medium)

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependen...

CWE-6692019

CVE-2020-10778

MEDIUM

CVSS:6.0(Medium)

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business...

CWE-6692020

CVE-2024-37891

MEDIUM

CVSS:4.4(Medium)

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. H...

CWE-6692024

CVE-2023-41894

Vulnerability Description

Related Vulnerabilities

CVE-2020-6862

CVE-2022-35916

CVE-2020-15257

CVE-2019-10753

CVE-2020-10778

CVE-2024-37891