Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-08-19T05:31:48.974Z
Updated: 2024-08-02T06:12:20.430Z
Reserved: 2023-04-17T07:07:37.532Z
Link: CVE-2023-2110
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-19T06:15:45.613
Modified: 2023-08-24T14:56:05.247
Link: CVE-2023-2110
Redhat
No data.