CVE-2020-36517
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572https://github.com/home-assistant/plugin-dns/issues/17https://github.com/home-assistant/plugin-dns/issues/20https://github.com/home-assistant/plugin-dns/issues/22https://github.com/home-assistant/plugin-dns/issues/50https://github.com/home-assistant/plugin-dns/issues/51https://github.com/home-assistant/plugin-dns/issues/53https://github.com/home-assistant/plugin-dns/issues/54https://github.com/home-assistant/plugin-dns/issues/6https://github.com/home-assistant/plugin-dns/issues/64https://github.com/home-assistant/plugin-dns/issues/70https://github.com/home-assistant/plugin-dns/pull/55