
Obsidian GitHub Copilot Plugin Vulnerability Exposes Data
The Obsidian GitHub Copilot Plugin by Pierre-Adrien Vasseur has been found to store sensitive information in cleartext.
Because the GitHub API token is stored in cleartext, an attacker may be able to obtain it and perform unauthorized operations on the linked GitHub account.
Users are advised to update the software to the latest version, following the instructions provided by the developer, to mitigate this risk.
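A defender-side check for the condition described above, added here as an example (it is not the plugin's or the developer's code): it scans a vault's plugin settings files for strings in GitHub's prefixed token formats and reports where they sit. It assumes settings live in Obsidian's default `.obsidian/plugins/<id>/data.json` location, since the page does not say where this plugin keeps its token; the plugin id, key name and token in `demo()` are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# GitHub's prefixed token formats: ghp_/gho_/ghu_/ghs_/ghr_ and fine-grained github_pat_.
TOKEN_RE = re.compile(r"(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})")


def walk_strings(node, path=""):
    """Yield (json_path, value) for every string in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def scan_vault(vault, config_dir=".obsidian"):
    """Return (plugin, json_path, redacted_token) for each cleartext token found."""
    findings = []
    for data_file in sorted(Path(vault, config_dir, "plugins").glob("*/data.json")):
        try:
            settings = json.loads(data_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON: nothing to inspect
        for json_path, value in walk_strings(settings):
            match = TOKEN_RE.search(value)
            if match:  # report a redacted prefix, never the secret itself
                findings.append((data_file.parent.name, json_path,
                                 match.group(0)[:8] + "..."))
    return findings


def demo():
    """Scan a constructed vault (hypothetical plugin id and key, fake token)."""
    with tempfile.TemporaryDirectory() as vault:
        plugin = Path(vault, ".obsidian", "plugins", "example-copilot")
        plugin.mkdir(parents=True)
        fake = "ghu_" + "A" * 36  # constructed value, not a real credential
        (plugin / "data.json").write_text(json.dumps({"auth": {"token": fake}}))
        return scan_vault(vault)


if __name__ == "__main__":
    print(demo())
```

Any token this check finds should be treated as exposed and revoked in the GitHub account settings, since it has been readable on disk.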
The vulnerability was reported to the IPA by Rui Nakajima, and JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.