Eriner

Name of the Vulnerable Software and Affected Versions: Home Assistant Community Add-on: SSH & Web Terminal versions prior to 10.0.0 Description: The addon.stdin service has an attack surface that requires social engineering. Although the vendor does not agree that this is a vulnerability, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. Recommendations: For versions prior to 10.0.0, consider removing or disabling the addon.stdin service as a defense-in-depth measure against complex social engineering situations.

**Name of the Vulnerable Software and Affected Versions** Argo versions prior to v1.5.0-rc1 **Description** The issue allows authenticated Argo users to submit API calls to retrieve secrets and other manifests stored within git. **Recommendations** For versions prior to v1.5.0-rc1, update to version v1.5.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored within git until the update is applied.