Home > Vulnerability Database > CVE-2023-33188

Mend.io Vulnerability Database

CVE-2023-33188

Date: May 26, 2023

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.

Language: Java

Severity Score

6.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33188

Url: https://github.com/federicoiosue/Omni-Notes/security/advisories/GHSA-g38r-4cf6-3v32

Url: https://www.mend.io/vulnerability-database/CVE-2023-33188

Severity Score

6.3

Weakness Type (CWE)

Externally Controlled Reference to a Resource in Another Sphere

CWE-610

Unintended Proxy or Intermediary ('Confused Deputy')

CWE-441

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33188

Date: May 26, 2023

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?