GHSA-943q-mwmv-hhvh: OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval
OpenClaw Gateway exposes an authenticated HTTP endpoint (POST /tools/invoke) intended for invoking a constrained set of tools. Two issues could combine to significantly increase blast radius in misconfigured or exposed deployments:
- The HTTP gateway layer did not deny high-risk session orchestration tools by default, allowing a caller with Gateway auth to invoke tools like
sessions_spawn/sessions_sendand pivot into creating or controlling agent sessions. - ACP clients could auto-approve permission requests for risky tools with insufficient user interaction/guardrails, reducing the friction that should normally prevent silent execution or mutation.
References
- github.com/advisories/GHSA-943q-mwmv-hhvh
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/153a7644e
- github.com/openclaw/openclaw/commit/539689a2f
- github.com/openclaw/openclaw/commit/bb1c3dfe1
- github.com/openclaw/openclaw/commit/ee31cd47b49f4b2f128a69a2a3745ca9db68b3be
- github.com/openclaw/openclaw/pull/15390
- github.com/openclaw/openclaw/security/advisories/GHSA-943q-mwmv-hhvh
Code Behaviors & Features
Detect and mitigate GHSA-943q-mwmv-hhvh with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →