4 matches found

Snyk
added 2026/03/26 9:34 p.m., 2 views

Incorrect Authorization

Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that...

5.4 CVSS | 5.9 AI score | 0.00241 EPSS
Exploits 0 | References 3

CVE
added 2026/03/05 9:59 p.m., 19 views

CVE-2026-28474

OpenClaw's Nextcloud Talk plugin (versions prior to 2026.2.6) is affected by a flaw in equality matching on the mutable actor.name display name used for allowlist validation, allowing an attacker to spoof a display name to match an allowlisted user ID and gain unauthorized access to restricted co...

9.8 CVSS | 6 AI score | 0.00489 EPSS
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/03/05 9:59 p.m., 5 views

CVE-2026-28474

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...

9.8 CVSS | 6 AI score | 0.00489 EPSS
Exploits 0 | References 4

Snyk
added 2026/02/17 9:36 p.m., 3 views

User Impersonation

Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to User Impersonation via the actor.name field in webhook payloads. An attacker can gain unauthorized access to direct messages or rooms by spoofing their display name t...

9.8 CVSS | 5.6 AI score | 0.00489 EPSS
Exploits 0 | References 2