Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/18 8:36 p.m.5 views

User Impersonation

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name...

8.6CVSS5.9AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:22 p.m.10 views

Missing Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes,...

8.7CVSS5.8AI score0.0023EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:26 a.m.2 views

Incorrect Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can...

5.4CVSS5.8AI score0.00125EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:58 p.m.4 views

Missing Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization in the extensions/discord/src/monitor/agent-components.ts process. An attacker can bypass intended access restrictions by triggering privileged component...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:52 p.m.6 views

Incorrect Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being...

8.8CVSS5.9AI score0.00407EPSS
Exploits1References2
Rows per page
Query Builder