2026.6.11
4 months ago
7 days ago
Known vulnerabilities in the @openclaw/mattermost package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Insufficient Session Expiration due to a delay in the monitor refresh process. An attacker can continue to execute unauthorized commands by exploiting the acceptance of revoked slash tokens during the refresh window. How to fix Insufficient Session Expiration? A fix was pushed into the | * |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') in the event handler process due to missing validation of channel type metadata. An attacker can bypass intended policy decisions by sending crafted events that omit required channel type information. How to fix Not Failing Securely ('Failing Open')? A fix was pushed into the | * |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? A fix was pushed into the | >=0.0.0 |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the How to fix Incorrect Authorization? A fix was pushed into the | >=0.0.0 |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the How to fix Incorrect Authorization? A fix was pushed into the | >=0.0.0 |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable room names instead of stable room tokens. How to fix Incorrect Authorization? A fix was pushed into the | >=0.0.0 |
@openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments. How to fix Incorrect Authorization? A fix was pushed into the | * |