Advisory #66
TitleObsidian privacy-related APIs access from embedded web pages
CVE IDCVE-2023-33244
Affected productObsidian
Affected versions<= 1.2.1
Vulnerability typeCWE-284 (Improper Access Control)
DescriptionAn issue discovered in Obsidian <= 1.2.1 allows remote attackers to access web cameras, microphones, send desktop notifications, record user audio and other unspecified impacts via embedded website on the note.
StatusFixed in 1.2.2
RecommendationUpdate to 1.2.2 or above