Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:5 p.m.17 views

Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

6.2AI score
Exploits0References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.27 views

EUVD-2026-29151

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

8.8CVSS5.8AI score0.00489EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39695

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

8.8CVSS5.8AI score0.00489EPSS
Exploits0References4
OSV
OSV
added 2026/02/17 9:31 p.m.3 views

GHSA-MV9J-6XHH-G383 OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering

Summary The OpenClaw Nostr channel plugin optional, disabled by default, installed separately exposes profile management HTTP endpoints under /api/channels/nostr/:accountId/profile GET/PUT and /api/channels/nostr/:accountId/profile/import POST. In affected versions, these routes were dispatched v...

6.3CVSS5.8AI score0.0034EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.3 views

CVE-2023-1138

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...

7.5CVSS6.8AI score0.00571EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.4 views

SUSE CVE-2020-25677

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality...

5.5CVSS7.1AI score0.00211EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/01/12 2:58 p.m.5 views

ceph-ansible: insecure ownership on /etc/ceph/iscsi-gateway.conf configuration file

A flaw was found in Ceph-ansible where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality...

5.5CVSS7.1AI score0.00211EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.8 views

Red Hat ceph-ansible Security Vulnerability

Red Hat ceph-ansible is an Ansible manual for deploying the distributed file system Ceph from Red Hat USA. A security vulnerability exists in ceph-ansible that stems from insecure ownership of the etc ceph iscsi-gateway.conf configuration file...

5.5CVSS6.4AI score0.00211EPSS
Exploits0References7
Rows per page
Query Builder