Remotely Exploitable Vulnerability in the Home Assistant Platform

A critical vulnerability (CVE-2023-27482) has been identified in the open home automation platform Home Assistant. It allows an attacker to bypass authentication and gain full access to the privileged Supervisor API, through which settings can be changed, software installed or updated, and add-ons and backups managed.

The problem affects installations that use the Supervisor component and has been present since its first releases (since 2017). For example, the vulnerability is present in Home Assistant OS and Home Assistant Supervised environments, but it does not affect Home Assistant Container (Docker) or manually created Python environments based on Home Assistant Core.

The vulnerability is fixed in Home Assistant Supervisor version 2023.01.1. An additional workaround is included in the Home Assistant 2023.3.0 release. On systems where the update cannot be installed, the vulnerability can be blocked by restricting access to the network port of the Home Assistant web service from external networks.

The method of exploiting the vulnerability has not yet been detailed (according to the developers, about 1/3 of users have installed the update and many systems remain vulnerable). In the fixed version, under the guise of optimization, changes were made to the handling of tokens and proxied requests, and filters were added to block SQL query substitution, the insertion of " ", and the use of paths containing "../" and "/./".
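The following added example (not from the original article and not Home Assistant's own code) shows how a defender could review web access logs for the two path patterns the new filters block, "../" and "/./", including percent-encoded forms. The log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines for illustration; addresses and paths are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "GET /example/page HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Mar/2023:10:00:05 +0000] "GET /example/a/../b HTTP/1.1" 200 87',
    '198.51.100.4 - - [10/Mar/2023:10:00:06 +0000] "GET /example/a/./b?x=1 HTTP/1.1" 200 87',
    '198.51.100.9 - - [10/Mar/2023:10:00:09 +0000] "GET /example/a/%252e%252e/b HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Mar/2023:10:00:12 +0000] "GET /example/v1.2/file..txt HTTP/1.1" 200 33',
]

# Assumed combined-log style: client address first, request line in double quotes.
LINE_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def dot_segments(target):
    """Return the '.' and '..' path segments in a request target, after decoding."""
    path = decode_fully(urlsplit(target).path).replace("\\", "/")
    # Compare whole segments, so names such as 'v1.2' or 'file..txt' are not flagged.
    return [seg for seg in path.split("/") if seg in (".", "..")]


def scan(lines):
    """Return (client, target, segments) for every request containing dot segments."""
    findings = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        hits = dot_segments(match.group("target"))
        if hits:
            findings.append((match.group("client"), match.group("target"), hits))
    return findings


if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(f"{client} requested {target!r}: dot segments {hits}")
```

Matching whole path segments after decoding avoids false positives on ordinary file names while still catching encoded variants that a plain substring search for "../" would miss.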

Source: opennet.ru
