What is CVE-2023-50715?

CVE-2023-50715 is a medium-severity vulnerability in Home-assistant Core, classified under Information Disclosure. CVSS score: 4.3/10. Published 2023-12-15.

How severe is CVE-2023-50715?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Information disclosure in Home-assistant Core

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains…

Vulnerability class: Information Disclosure

EPSS: 0.002 (37.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Home-assistant Core — versions < 2023.12.3

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83 (x_refsource_CONFIRM)
https://github.com/home-assistant/core/commit/dbfc5ea8f96bde6cd165892f5a6a6f9a65731c76 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-50715?: CVE-2023-50715 is a medium-severity vulnerability in Home-assistant Core, classified under Information Disclosure. CVSS score: 4.3/10. Published 2023-12-15.
How severe is CVE-2023-50715?: Medium severity. CVSS v3 base score is 4.3 out of 10.