CVE-2025-58401

Summary

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.

Affected Software

VendorProductVersion RangeStatus
Pierre-Adrien VasseurObsidian GitHub Copilot Pluginprior to 1.1.7affected

Weaknesses

  • CWE-312: Cleartext storage of sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References