References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200

CWE-862

https://github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89e95257

https://github.com/homarr-labs/homarr/releases/tag/v1.54.0

https://github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7