4 matches found
Incorrect Authorization
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the feedback invocation process. An attacker can record unauthorized session feedback or trigger feedback reflection by bypassing sender allowlis...
Server-side Request Forgery (SSRF)
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or...
Missing Authorization
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via fileConsent/invoke. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid uploadId withi...
Insertion of Sensitive Information Into Sent Data
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the process that handles downloading inbound MS Teams attachments or inline images, specifically when retrying URLs wi...