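This page aggregates CVEs and security vulnerability information across Obsidian-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include path handling flaws and input validation issues; in software deployment and production workload scenarios, these can lead to risks such as unexpected behavior and file overwrite.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.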
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-2110 | Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and pastes it into Obsidian. | [email protected] | 8.2 | 0.08% | 2023-08-19 | 2024-11-21 |
| CVE-2023-33244 | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | [email protected] | 8.2 | 0.35% | 2023-05-20 | 2025-01-31 |
| CVE-2023-27035 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | [email protected] | 6.5 | 8.84% | 2023-05-01 | 2025-01-30 |
| CVE-2022-36450 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. | [email protected] | 8.0 | 2.52% | 2022-07-25 | 2024-11-21 |
| CVE-2021-42057 | Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases. | [email protected] | 7.8 | 0.28% | 2021-11-04 | 2024-11-21 |
| CVE-2021-38148 | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. | [email protected] | 9.8 | 0.50% | 2021-08-07 | 2024-11-21 |