{"id":"CVE-2020-36517","details":"An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.","modified":"2026-04-02T06:08:30.080659Z","published":"2022-03-10T17:41:21.183Z","references":[{"type":"ADVISORY","url":"https://github.com/home-assistant/plugin-dns/issues/17"},{"type":"REPORT","url":"https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572"},{"type":"REPORT","url":"https://github.com/home-assistant/plugin-dns/issues/22"},{"type":"REPORT","url":"https://github.com/home-assistant/plugin-dns/issues/50"},{"type":"REPORT","url":"https://github.com/home-assistant/plugin-dns/issues/51"},{"type":"REPORT","url":"https://github.com/home-assistant/plugin-dns/issues/20"},{"type":"REPORT","url":"https://github.com/home-assistant/plugin-dns/pull/56"},{"type":"FIX","url":"https://github.com/home-assistant/plugin-dns/pull/58"},{"type":"FIX","url":"https://github.com/home-assistant/plugin-dns/pull/59"},{"type":"FIX","url":"https://github.com/home-assistant/plugin-dns/pull/55"},{"type":"EVIDENCE","url":"https://github.com/home-assistant/plugin-dns/issues/6"},{"type":"EVIDENCE","url":"https://github.com/home-assistant/plugin-dns/issues/53"},{"type":"EVIDENCE","url":"https://github.com/home-assistant/plugin-dns/issues/54"},{"type":"EVIDENCE","url":"https://github.com/home-assistant/plugin-dns/issues/64"},{"type":"EVIDENCE","url":"https://github.com/home-assistant/plugin-dns/issues/70"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/home-assistant/plugin-dns","events":[{"introduced":"0"},{"last_affected":"96a587bba9afec5efa0ea0685d29bcf6ee4a44b8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2022.03"}]}}],"versions":["1","2","2020.10.0","2020.10.1","2020.10.2","2020.11.0","2020.12.0","2021.01.0","2021.04.0","2021.06.0","2022.02.0","2022.03.0","3","4","5","6","7","8","9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36517.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}