CVE-2023-27035

Опубликовано: 01 мая 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Средний

Описание

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

Ссылки

https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509
Exploit
https://forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595
Release Notes
https://github.com/fivex3/CVE-2023-27035
Exploit
Third Party Advisory
https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509
Exploit
https://forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595
Release Notes
https://github.com/fivex3/CVE-2023-27035
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:obsidian:obsidian:1.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.21253

Средний

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-3mrx-4wfm-g48p

CVSS3: 6.5

github

почти 3 года назад

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

EPSS

Процентиль: 96%

0.21253

Средний

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-276