漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust
Vulnerability Description
OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operates behind a reverse proxy, unauthenticated remote attackers can inject arbitrary BlueBubbles message and reaction events by reaching the proxy endpoint.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
OpenClaw 访问控制错误漏洞
Vulnerability Description
OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.2.12之前版本存在访问控制错误漏洞,该漏洞源于BlueBubbles Webhook处理程序仅基于环回remoteAddress进行身份验证,可能导致绕过配置的Webhook密码。
CVSS Information
N/A
Vulnerability Type
N/A