Remotely exploitable vulnerability in the Home Assistant platform

A critical vulnerability (CVE-2023-27482) has been identified in the open-source home automation platform Home Assistant Supervisor. It allows an attacker to bypass authentication and gain full access to the privileged Supervisor API, through which settings can be changed, software installed or updated, and add-ons and backups managed.

The problem affects installations that use the Supervisor component and has been present since its first release (since 2017). For example, the vulnerability is present in Home Assistant OS and Home Assistant Supervised environments, but does not affect Home Assistant Container (Docker) or manually created Python environments based on Home Assistant Core.

The vulnerability was fixed in Home Assistant Supervisor 2023.01.1. Additional protective measures were included in the Home Assistant 2023.3.0 release. On systems where the update that closes the vulnerability cannot be installed, access to the network port of the Home Assistant web service can be restricted from external networks.

The exploitation method has not yet been disclosed in detail (according to the developers, only about 1/3 of users have installed the update, and most systems remain vulnerable). In the fixed version, under the guise of optimization, changes were made to token handling and authorized requests, and filters were added to block SQL query substitution, the insertion of " », and the use of paths containing «../» and «/./».

source: budenet.ru
