First published: Mon May 01 2023(Updated: )
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Obsidian Obsidian | =1.1.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-27035 is high with a score of 7.5.
CVE-2023-27035 allows remote attackers to send desktop notifications, record user audio, and potentially cause other unspecified impacts via an embedded website on the canvas page.
There is no official fix available yet for CVE-2023-27035 in Obsidian Canvas. It is recommended to monitor for any updates or patches from the vendor.
You can find more information about CVE-2023-27035 on the following references: [Reference 1](https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509), [Reference 2](https://forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595), [Reference 3](https://github.com/fivex3/CVE-2023-27035).
CVE-2023-27035 belongs to CWE category 276.