Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-27035

Description

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio, and cause other unspecified impacts via an embedded website on the canvas page.

POC

Reference

- https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509

- https://github.com/fivex3/CVE-2023-27035

GitHub

- https://github.com/20142995/nuclei-templates

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/fivex3/CVE-2023-27035

- https://github.com/nomi-sec/PoC-in-GitHub