CVE-2020-36517

{"id": "CVE-2020-36517", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-10T17:41:21.183", "references": [{"url": "https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/17", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/20", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/22", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/50", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/51", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/53", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/54", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/6", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/64", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/issues/70", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/pull/55", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/pull/56", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/pull/58", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/home-assistant/plugin-dns/pull/59", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration."}, {"lang": "es", "value": "Una filtrado de informaci\u00f3n en Nabu Casa Home Assistant Operating System and Home Assistant Supervised versi\u00f3n 2022.03, permite que un operador de DNS obtenga conocimientos sobre los recursos de la red interna por medio de la configuraci\u00f3n del DNS embebida"}], "lastModified": "2022-03-14T19:46:02.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:home-assistant:home-assistant:2022.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08694ACE-E7A9-4840-A2D2-851527D6DEDF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}