10 matches found
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the config.patch process. An attacker can gain unauthorized access to privileged actions by silently disabling execution approval mechanisms. Remediation Upgrade...
Covert Timing Channel
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Covert Timing Channel via the dispatch-wrapper-resolution.ts and exec-wrapper-resolution.ts processes. An attacker can gain unauthorized code execution by bypassing the intended allowlist...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded concurrent unauthenticated WebSocket upgrades before session authentication. An attacker can exhaust socket and worker...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the onboard-remote.ts process. An attacker can gain unauthorized access to gateway credentials and potentially intercept sensitive traffic by leveraging a...
Brute Force
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction, potentially allowing the...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the policy resolution process in the Google Chat and Zalouser extensions. An attacker can gain unauthorized interaction with bots by exploiting a flaw where...
Improper Neutralization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...
Weak Password Requirements
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending numerous authentication...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the callback handling process. An attacker can gain unauthorized access to callback functionality by sending specially crafted legacy raw card payloads that...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the gateway shared-auth reconnect process. An attacker can gain elevated privileges and execute arbitrary code by exploiting the auto-approval of scope-upgrade...