2 matches found
Cross-site Request Forgery (CSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the manual OAuth login flow. An attacker can cause credential substitution by convincing a user to paste attacker-controlled OAuth callback data,...
OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution
Summary The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...