3 matches found
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the shared gateway authentication. An attacker can gain unauthorized operator privileges by presenting a self-signed, unpaired device identity. Remediation...
Missing Authorization
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via fileConsent/invoke. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid uploadId withi...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack in the handling of browser trace and download output paths, specifically when processing temporary output. An attacker can overwrite arbitrary files by exploiting symlink...