Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/29 3:49 p.m.4 views

Incorrect Authorization

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the feedback invocation process. An attacker can record unauthorized session feedback or trigger feedback reflection by bypassing sender allowlis...

6.9CVSS5.9AI score0.00227EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 10:21 p.m.8 views

Server-side Request Forgery (SSRF)

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or...

3.5CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/03/03 9:36 p.m.3 views

Missing Authorization

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via fileConsent/invoke. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid uploadId withi...

5.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/02/17 9:38 p.m.6 views

Insertion of Sensitive Information Into Sent Data

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the process that handles downloading inbound MS Teams attachments or inline images, specifically when retrying URLs wi...

7.1CVSS5.8AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder