Improper Authorization
CVE-2021-38148
Summary
Obsidian versions prior to 0.12.12 does not require user confirmation for non-http/https URLs.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published
