5 matches found
User Impersonation
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name...
Missing Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes,...
Incorrect Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can...
Missing Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization in the extensions/discord/src/monitor/agent-components.ts process. An attacker can bypass intended access restrictions by triggering privileged component...
Incorrect Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being...