CVE-2025-58401

CVSS v3.1

6.8

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Obsidian GitHub Copilot Plugin versions prior to 1.1.7

Description The Obsidian GitHub Copilot Plugin stores Github API tokens in cleartext form. This allows an attacker to perform unauthorized operations on the linked Github account.

Recommendations Update to version 1.1.7 or later.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2025-58401

Affected Products

Obsidian Github Copilot Plugin

CVE-2025-58401

Weakness Enumeration

Related Identifiers

Affected Products

References · 8