2 matches found
GHSA-2X4X-CC5G-QMMG OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes
Summary: The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact: A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...
OpenClaw Security Vulnerability
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to cause a low-privileged operator to approve nodes with a wider scope...