Obsidian Canvas
by Obsidian
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27035 | 0.01 | — | 0.02 | May 1, 2023 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | |||
| CVE-2023-2110 | 0.00 | — | 0.00 | Aug 19, 2023 | Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious… | |||
| CVE-2022-36450 | 0.00 | — | 0.20 | Jul 25, 2022 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. |
- CVE-2023-27035May 1, 2023risk 0.01cvss —epss 0.02
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
- CVE-2023-2110Aug 19, 2023risk 0.00cvss —epss 0.00
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious…
- CVE-2022-36450Jul 25, 2022risk 0.00cvss —epss 0.20
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.