2 matches found
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via insufficient validation in the node.pair.approve process. An attacker can gain unauthorized access to paired nodes with elevated privileges by exploiting missi...