4 matches found
CVE-2026-53860
OpenClaw
OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From
Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...
GHSA-2CH6-X3G4-7759 OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From
Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...
CVE-2025-6088
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...