Obsidian GitHub Copilot Plugin Cleartext Storage of GitHub API Token Vulnerability

Vulnerability

A vulnerability exists in the Obsidian GitHub Copilot Plugin, specifically in versions prior to 1.1.7, where the GitHub API token is stored in cleartext. This flaw allows an attacker to access the token and perform unauthorized actions on the associated GitHub account.

Impact

Exploitation of this vulnerability could lead to unauthorized operations on the victim's GitHub account using the exposed API token.

Remediation

Users are advised to update the Obsidian GitHub Copilot Plugin to version 1.1.7 or later.

Added: Sep 5, 2025, 5:16 AM
Updated: Sep 5, 2025, 5:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.7
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.