3 matches found
Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...
CVE-2026-41339
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...