Lucene search

[email protected]NVD:CVE-2023-27035

HistoryMay 01, 2023 - 10:15 p.m.

CVE-2023-27035

2023-05-0122:15:09

CWE-276

[email protected]

web.nvd.nist.gov

obsidian canvas

vulnerability

remote attackers

notifications

record user audio

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

Affected configurations

NVD

Node

obsidianobsidianMatch1.1.9

References

forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509

forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595

github.com/fivex3/CVE-2023-27035

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for NVD:CVE-2023-27035

cve1 osv1 prion1 cvelist1 wallarmlab1