GHSA-2hm8-rqrm-xfjq: OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions.
References
- github.com/advisories/GHSA-2hm8-rqrm-xfjq
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/2777d8ad91ef1e8a7c6f5b4b18f8507be7d02914
- github.com/openclaw/openclaw/commit/3d7ad1cfca4daaa84cd553e843e0e08fa6201349
- github.com/openclaw/openclaw/commit/a40c10d3e24568b1e2947c104484be74bf66b8d2
- github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq