Vulnerability Information
Vulnerability Title
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
Vulnerability Description
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-29381.
CVSS Information
N/A
Vulnerability Type
Information Exposure
Vulnerability Title
OpenClaw Information Disclosure Vulnerability
Vulnerability Description
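OpenClaw is an intelligent AI assistant open-sourced by OpenClaw. OpenClaw contains an information disclosure vulnerability that stems from sensitive data being exposed in the authorization URL query string, which may lead to credential disclosure.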
CVSS Information
N/A
Vulnerability Type
N/A