PT-2025-36109 · WordPress · Obsidian Github Copilot Plugin

Rui Nakajima

Published

2025-09-05

Updated

2025-09-05

CVE-2025-58401

Report an issue

CVSS v3.1

6.8

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Obsidian GitHub Copilot Plugin versions prior to 1.1.7

Description:

The Obsidian GitHub Copilot Plugin stores Github API tokens in cleartext form. This allows an attacker to perform unauthorized operations on the linked Github account.

Recommendations:

Update to version 1.1.7 or later.

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2025-58401

Affected Products

Obsidian Github Copilot Plugin

PT-2025-36109 · WordPress · Obsidian Github Copilot Plugin

Weakness Enumeration

Related Identifiers

Affected Products

References · 5