{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T16:28:30.762","vulnerabilities":[{"cve":{"id":"CVE-2023-44385","sourceIdentifier":"security-advisories@github.com","published":"2023-10-19T23:15:08.953","lastModified":"2024-11-21T08:25:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161."},{"lang":"es","value":"La aplicación Home Assistant Companion para iOS y macOS hasta la versión 2023.4 es vulnerable a Client-Side Request Forgery. Los atacantes pueden enviar links/QR maliciosos a las víctimas que, cuando los visitan, harán que la víctima llame a servicios arbitrarios en su instalación de Home Assistant. Combinado con este aviso de seguridad, puede resultar en un compromiso total y en la Remote Code Execution (RCE). La versión 2023.7 soluciona este problema y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema también se rastrea como GitHub Security Lab (GHSL) Informe de vulnerabilidad: GHSL-2023-161."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"2023.7","matchCriteriaId":"5BCFBE59-DDDE-4A03-847D-1AD606CF80A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:macos:*:*","versionEndExcluding":"2023.7","matchCriteriaId":"E885DBBB-8BEC-4306-8D83-641B2BB6927B"}]}]}],"references":[{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}