CVE-2023-2110
📋 TL;DR
This vulnerability in Obsidian desktop lets a malicious webpage or markdown file read local files because paths supplied through the 'app://local/' URI scheme are handled improperly. The contents of those files can then be exfiltrated to an attacker-controlled server. Users are affected when they open a malicious markdown file or paste content from a malicious webpage into Obsidian.
💻 Affected Systems
- Obsidian desktop
📦 What is this software?
Obsidian by Obsidian
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of sensitive local files including credentials, personal documents, and system files, with exfiltration to attacker-controlled servers.
Likely Case
Targeted theft of specific sensitive files from users' computers through social engineering attacks.
If Mitigated
No impact if users avoid opening untrusted markdown files and don't paste content from untrusted web sources.
🎯 Exploit Status
Exploitation requires user interaction but is technically simple. Proof of concept available in public advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.8 and later
Vendor Advisory: https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8/
Restart Required: Yes
Instructions:
1. Open Obsidian.
2. Go to Settings > About.
3. Check for updates.
4. Install version 1.2.8 or later.
5. Restart Obsidian.
🔧 Temporary Workarounds
Disable automatic updates check
Temporarily disable automatic checking for updates to prevent potential exploitation through update mechanisms
Settings > About > Disable 'Automatically check for updates'
🧯 If You Can't Patch
- Avoid opening markdown files from untrusted sources
- Do not copy and paste content from untrusted webpages into Obsidian
🔍 How to Verify
Check if Vulnerable:
Check Obsidian version in Settings > About. If version is below 1.2.8, you are vulnerable.
Check Version:
Obsidian Settings > About shows version number
Verify Fix Applied:
Verify version is 1.2.8 or higher in Settings > About.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns through app://local/ URIs
- Network connections to suspicious domains after file access
Network Indicators:
- Outbound connections to unknown servers following local file access
SIEM Query:
source="obsidian" AND (uri="app://local/*" OR destination_ip="suspicious_ip")
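A vault-side check for the first log indicator above, added here as an example and not part of the advisory or of Obsidian itself: it lists every app://local/ reference in a note and flags those that resolve outside the vault root, including references that use traversal segments. The vault root, the sample note and the file names in it are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Matches app://local/<path> in markdown links, wiki embeds or raw HTML.
# The path ends at whitespace or at a closing link/attribute delimiter.
APP_LOCAL_RE = re.compile(r"app://local/([^\s\)\]\"'>]+)", re.IGNORECASE)

# Constructed sample note: one in-vault attachment, one direct reference to a
# file outside the vault, and one traversal reference that escapes the vault.
SAMPLE_NOTE = """# Weekly notes (constructed sample)
![[diagram.png]]
![cover](app://local/home/alice/vault/attachments/cover.png)
![doc](app://local/home/alice/Documents/taxes.pdf)
<img src="app://local/home/alice/vault/../notes-backup.txt">
"""


def extract_app_local_paths(markdown: str) -> list[str]:
    """Return every percent-decoded app://local/ path referenced in the note."""
    return [unquote(m.group(1)) for m in APP_LOCAL_RE.finditer(markdown)]


def _normalize(path: str) -> str:
    # Lexical normalisation only (no filesystem access): collapse '.' and '..'
    # so that 'vault/../x' is compared as '/home/alice/x', not as a vault path.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_outside_vault(path: str, vault_root: str) -> bool:
    """True when the referenced path does not resolve inside vault_root."""
    root = _normalize(vault_root)
    target = _normalize(path)
    return not (target == root or target.startswith(root.rstrip("/") + "/"))


def scan_note(markdown: str, vault_root: str) -> list[dict]:
    """Report each app://local/ reference and whether it escapes the vault."""
    return [
        {"path": p, "outside_vault": is_outside_vault(p, vault_root)}
        for p in extract_app_local_paths(markdown)
    ]


if __name__ == "__main__":
    for finding in scan_note(SAMPLE_NOTE, "/home/alice/vault"):
        flag = "ESCAPES VAULT" if finding["outside_vault"] else "ok"
        print(f"{flag:14} app://local/{finding['path']}")
```

Run it over every `.md` file in a vault to surface notes that reference files outside the vault; a reference that escapes the vault is the pattern worth investigating, not app://local/ links in general, since legitimate attachments use the same scheme.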