CVE-2023-33188

Source
https://cve.org/CVERecord?id=CVE-2023-33188
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33188.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33188
Aliases
  • GHSA-g38r-4cf6-3v32
Published
2023-05-27T03:47:52.194Z
Modified
2025-12-04T23:51:54.533858Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L
Summary
Uncontrolled data used in content resolution
Details

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications on the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-441",
        "CWE-610"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33188.json"
}
References

Affected packages

Git / github.com/federicoiosue/omni-notes

Affected ranges

Type
GIT
Repo
https://github.com/federicoiosue/omni-notes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*
4.5.0
4.5.0b4
4.5.0b5
4.5.0b6
4.5.0b7
4.5.1
4.6.0b1
4.6.0b2
4.6.0b3
4.6.0b4
4.6.6
4.7.0
4.7.1
4.7.2
5.*
5.0.0
5.0.0b1
5.0.0b2
5.0.0b3
5.0.0b4
5.0.0b5
5.0.0b6
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.1.2
5.2.0
5.2.0b2
5.2.0b3
5.2.0b4
5.2.0b5
5.2.0b6
5.2.0b7
5.2.0b8
5.2.0b9
5.2.1
5.2.10
5.2.11
5.2.12
5.2.13
5.2.14
5.2.15
5.2.16
5.2.17
5.2.18
5.2.19
5.2.2
5.2.20
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
6.*
6.0.0
6.0.0_Beta_7
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.1.0
6.2.0
6.2.0_alpha
6.2.0_beta_3
6.2.0_beta_4
6.2.0_beta_5
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
Other
v_3_0_0
v_3_1_0
v_3_2_0
v_3_2_4
v_3_9_2
v_3_9_4
v_3_9_7
v_4_0_0
v_4_0_1
v_4_1_0
v_4_1_3
v_4_2_0
v_4_2_0b6
v_4_3_0
v_4_3_1
v_4_3_2
v_4_3_3
v_4_3_4
v_4_4_0
v_4_4_0_beta_1
v_4_4_0_beta_2
v_4_4_0_beta_5
v_4_4_0_beta_6
v_4_4_0_beta_8
v_4_4_0_beta_9
v_4_4_1
v_4_5_0_beta_3
v_4_6_0
v_4_6_0b10
v_4_6_0b11
v_4_6_0b12
v_4_6_0b13
v_4_6_0b14
v_4_6_0b16
v_4_6_0b5
v_4_6_0b6
v_4_6_0b7
v_4_6_0b8
v_4_6_0b9
v_4_6_1
v_4_6_2
v_4_6_3
v_4_6_4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33188.json"