Obsidian - Obsidian CVE

Filtered by vendor Obsidian Subscribe

Filtered by product Obsidian

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-2110	4 Apple, Linux, Microsoft and 1 more	4 Macos, Linux Kernel, Windows and 1 more	2023-08-24	N/A	7.1 HIGH
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.

Vulnerabilities (CVE)