What is CVE-2023-41897?

CVE-2023-41897 is a high-severity vulnerability in Home-assistant Core, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 8.8/10. Published 2023-10-19.

How severe is CVE-2023-41897?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Home-assistant Core

CVE-2023-41897

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and co…

EPSS: 0.019 (83.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Home-assistant Core — versions < 2023.9.0

Weakness classification (CWE)

CWE-1021 — Improper Restriction of Rendered UI Layers or Frames (Clickjacking)

References

https://github.com/home-assistant/core/security/advisories/GHSA-935v-rmg9-44mw (x_refsource_CONFIRM)
https://github.com/home-assistant/core/security/advisories/GHSA-cr83-q7r2-7f5q (x_refsource_MISC)
https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-41897?: CVE-2023-41897 is a high-severity vulnerability in Home-assistant Core, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 8.8/10. Published 2023-10-19.
How severe is CVE-2023-41897?: High severity. CVSS v3 base score is 8.8 out of 10.