Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.