{"data":{"id":"37cb85fa-3942-42c3-8a16-93889d10fc73","title":"CVE-2025-58401: Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store GitHub API token in cleartext form. As a result, an attacker...","summary":"The Obsidian GitHub Copilot Plugin (a tool that integrates GitHub's AI code assistant into the Obsidian note-taking app) has a security flaw in versions before 1.1.7 where it stores GitHub API tokens (authentication credentials that allow access to a GitHub account) in cleartext (unencrypted, readable text). This means an attacker who gains access to a user's computer could steal these tokens and perform unauthorized actions on their GitHub account.","solution":"Update the Obsidian GitHub Copilot Plugin to version 1.1.7 or later. Because tokens saved by earlier versions were stored in cleartext, consider revoking and reissuing any such token after upgrading.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-58401","publishedAt":"2025-09-05T05:15:29.817Z","cveId":"CVE-2025-58401","cweIds":["CWE-312"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitHub Copilot","Obsidian"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00008,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}