@openclaw/mattermost@2026.6.11

OpenClaw Mattermost channel plugin

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/mattermost package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Insufficient Session Expiration

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Insufficient Session Expiration due to a delay in the monitor refresh process. An attacker can continue to execute unauthorized commands by exploiting the acceptance of revoked slash tokens during the refresh window.

How to fix Insufficient Session Expiration?

A fix was pushed into the master branch but not yet published.

*
  • M
Not Failing Securely ('Failing Open')

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') in the event handler process due to missing validation of channel type metadata. An attacker can bypass intended policy decisions by sending crafted events that omit required channel type information.

How to fix Not Failing Securely ('Failing Open')?

A fix was pushed into the master branch but not yet published.

*
  • H
Server-side Request Forgery (SSRF)

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An attacker can access internal network resources or sensitive endpoints by supplying malicious URLs.

How to fix Server-side Request Forgery (SSRF)?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization checks are completed.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended deployment.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • M
Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable room names instead of stable room tokens.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • L
Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

*