CVE-2025-58401

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-58401

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58401.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-58401

Published

2025-09-05T05:15:29.817Z

Modified

2026-03-14T12:44:09.874901Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.

References

Affected packages

Git / github.com/pierrad/obsidian-github-copilot

Affected ranges

Type: GIT
Repo: https://github.com/pierrad/obsidian-github-copilot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0eb493e3837a35cb701c1aa7e9166d3d33a19f41

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58401.json"