CVE-2023-33244

EUVD-2023-37413
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA-ADPADP
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
obsidianobsidian
𝑥
< 1.2.2
𝑥
= Vulnerable software versions
References
https://forum.obsidian.md/t/obsidian-release-v1-2-2-insider-build/57488
https://vuln.ryotak.net/advisories/66
https://forum.obsidian.md/t/obsidian-release-v1-2-2-insider-build/57488
https://vuln.ryotak.net/advisories/66