PT-2023-21158 · Home Assistant · Home Assistant Supervised+1

Joseph Surin · Published 2023-03-08 · Updated 2026-03-29 · CVE-2023-27482

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Home Assistant Supervisor versions 2023.01.1 and earlier
Home Assistant Core versions prior to 2023.3.0

Description

A remotely exploitable issue has been discovered in Home Assistant, allowing unauthorized access to the Supervisor API by bypassing authentication. This affects all Home Assistant installations using the Supervisor 2023.01.1 or older, excluding installations like Home Assistant Container or Home Assistant Core in a Python environment. The issue has been mitigated in Supervisor version 2023.03.1 and Home Assistant Core 2023.3.0.

Recommendations

For Home Assistant Supervisor versions 2023.01.1 and earlier, upgrade to at least version 2023.03.1.
For Home Assistant Core versions prior to 2023.3.0, upgrade to at least version 2023.3.0.
As a temporary workaround, consider not exposing your Home Assistant instance to the internet until the issue is resolved.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2023-27482
GHSA-2J8F-H4MR-QR25

Affected products

Home Assistant Core
Home Assistant Supervised