GladysAssistant/Gladys

GladysAssistant/Gladys

gladysassistant.com

Releases260

Frequency2 weeks 1 day

Last Release 4 days ago

Stars3.06K

A privacy-first, open-source home assistant

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-47210 ↗	Sep 21, 2024Saturday, 21 September 2024, 23:15	8.8 HIGH	—
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.
CVE-2023-47440 ↗	Dec 7, 2023Thursday, 7 December 2023, 18:15	6.5 MEDIUM	—
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.
CVE-2023-43256 ↗	Sep 25, 2023Monday, 25 September 2023, 14:15	6.5 MEDIUM	—
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.