CVE-2023-33244

Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
obsidianobsidian
𝑥
< 1.2.2
𝑥
= Vulnerable software versions
References
https://forum.obsidian.md/t/obsidian-release-v1-2-2-insider-build/57488
https://vuln.ryotak.net/advisories/66
https://forum.obsidian.md/t/obsidian-release-v1-2-2-insider-build/57488
https://vuln.ryotak.net/advisories/66