Home Assistant vulnerability: "The issue allowed an attacker to remotely bypass authentication and interact directly with the Supervisor API ... this issue has been in Home Assistant since the introduction of the Supervisor in 2017"

https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/