CVE-2021-3152 - log

CVE-2021-3152 edited at 29 Jan 2021 16:39:06
Description
- Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled.
+ Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled leading to directory-traversal.
CVE-2021-3152 edited at 21 Jan 2021 19:26:23
Notes
+ Workaround
+ ==========
+
+ The issue can be mitigated by disabling all custom integrations. This is achieved by renaming the custom_components folder inside the Home Assistant configuration folder to something else and restarting Home Assistant.
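Review bot: the workaround text describes only the mitigation (renaming the custom_components folder and restarting) and never names the fixed release, although the description field gives it as 2021.1.3. Suggest adding a line stating that upgrading to 2021.1.3 or later is the fix, and noting that the rename disables all custom integrations until the folder name is restored.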
CVE-2021-3152 edited at 21 Jan 2021 19:21:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled.
References
+ https://www.home-assistant.io/blog/2021/01/14/security-bulletin/
Notes
CVE-2021-3152 created at 21 Jan 2021 19:18:24