Lucene search

MitreCVELIST:CVE-2023-27035

HistoryMay 01, 2023 - 12:00 a.m.

CVE-2023-27035

2023-05-0100:00:00

mitre

www.cve.org

obsidian canvas

remote code execution

desktop notifications

user audio

website vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

References

forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509

forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595

github.com/fivex3/CVE-2023-27035

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVELIST:CVE-2023-27035