3 matches found
Insertion of Sensitive Information Into Sent Data
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the process that handles downloading inbound MS Teams attachments or inline images, specifically when retrying URLs wi...
Authentication Bypass Using an Alternate Path or Channel
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can impersonate authorized...
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the /cdp WebSocket endpoint that accepts arbitrary Chrome DevTools Protocol commands. An attacker can bypass the intended localhost-only restriction by running...