Advisory #66
| Title | Obsidian privacy-related APIs access from embedded web pages |
| CVE ID | CVE-2023-33244 |
| Vendor | Obsidian |
| Affected product | Obsidian |
| Affected versions | <= 1.2.1 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | An issue discovered in Obsidian <= 1.2.1 allows remote attackers to access web cameras, microphones, send desktop notifications, record user audio and other unspecified impacts via embedded website on the note. |
| Status | Fixed in 1.2.2 |
| Recommendation | Update to 1.2.2 or above |