Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.
References
Link | Resource |
---|---|
https://github.com/federicoiosue/Omni-Notes/security/advisories/GHSA-g38r-4cf6-3v32 | Vendor Advisory |
https://github.com/federicoiosue/Omni-Notes/security/advisories/GHSA-g38r-4cf6-3v32 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/federicoiosue/Omni-Notes/security/advisories/GHSA-g38r-4cf6-3v32 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
02 Jun 2023, 17:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-610 | |
First Time |
Omninotes omni Notes
Omninotes |
|
CPE | cpe:2.3:a:omninotes:omni_notes:*:*:*:*:*:android:*:* | |
References | (MISC) https://github.com/federicoiosue/Omni-Notes/security/advisories/GHSA-g38r-4cf6-3v32 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
27 May 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-27 04:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33188
Mitre link : CVE-2023-33188
CVE.ORG link : CVE-2023-33188
JSON object : View
Products Affected
omninotes
- omni_notes