CVE-2023-27035

CVSS V2 None CVSS V3 None

Description

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

Overview

CVE ID
CVE-2023-27035

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-01T22:15:09

Last Modified Date
2023-05-01T22:15:09

References

Reference URL	Reference Tags
https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509
https://forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595
https://github.com/fivex3/CVE-2023-27035

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27035
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27035

History

Created	Old Value	New Value	Data Type	Notes
2023-05-01 23:00:44				Added to TrackCVE