Publish Advisories

GHSA-52q4-3xjc-6778
GHSA-5jvj-hxmh-6h6j
GHSA-q2qc-744p-66r2
GHSA-q35r-vvhv-vx5h
GHSA-q35r-vvhv-vx5h

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-52q4-3xjc-6778/GHSA-52q4-3xjc-6778.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52q4-3xjc-6778",
+  "modified": "2026-03-29T15:48:15Z",
+  "published": "2026-03-29T15:48:15Z",
+  "aliases": [],
+  "summary": "OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName",
+  "details": "## Summary\n\nGoogle Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nGoogle Chat group authorization previously relied on mutable space display names, which allowed policy rebinding when names changed or collided. Commit `11ea1f67863d88b6cbcb229dd368a45e07094bff` requires stable group IDs for access decisions.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `11ea1f67863d88b6cbcb229dd368a45e07094bff`.\n\n## Fix Commit(s)\n\n- `11ea1f67863d88b6cbcb229dd368a45e07094bff`",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639",
+      "CWE-807",
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:48:15Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-5jvj-hxmh-6h6j/GHSA-5jvj-hxmh-6h6j.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5jvj-hxmh-6h6j",
+  "modified": "2026-03-29T15:46:40Z",
+  "published": "2026-03-29T15:46:40Z",
+  "aliases": [],
+  "summary": "OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope",
+  "details": "## Summary\n\nGateway HTTP Session History Route Bypasses Operator Read Scope\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nThe HTTP `/sessions/:sessionKey/history` route previously authenticated bearer tokens but skipped the same `operator.read` check used by `chat.history` over WebSocket. Commit `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea` makes HTTP callers declare operator scopes and rejects history reads that do not include `operator.read`.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea`.\n\n## Fix Commit(s)\n\n- `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea`",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2026.3.24"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639",
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:46:40Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-q2qc-744p-66r2/GHSA-q2qc-744p-66r2.json

@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q2qc-744p-66r2",
+  "modified": "2026-03-29T15:47:50Z",
+  "published": "2026-03-29T15:47:50Z",
+  "aliases": [],
+  "summary": "OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility",
+  "details": "## Summary\n\n`session_status` sessionId resolution bypasses sandboxed session-tree visibility\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `>= 2026.3.11, <= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\n`session_status` previously resolved a `sessionId` to a canonical session key after early visibility checks, letting sandboxed children reach parent or sibling sessions that were blocked by explicit `sessionKey`. Commit `d9810811b6c3c9266d7580f00574e5e02f7663de` enforces visibility after `sessionId` resolution so sandboxed callers cannot escape their session tree.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `d9810811b6c3c9266d7580f00574e5e02f7663de`.\n\n## Fix Commit(s)\n\n- `d9810811b6c3c9266d7580f00574e5e02f7663de`",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2026.3.11"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639",
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:47:50Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-q35r-vvhv-vx5h/GHSA-q35r-vvhv-vx5h.json

@@ -0,0 +1,111 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q35r-vvhv-vx5h",
+  "modified": "2026-03-29T15:46:10Z",
+  "published": "2026-03-26T21:31:26Z",
+  "aliases": [
+    "CVE-2026-3190"
+  ],
+  "summary": "Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure",
+  "details": "A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-server-spi-private"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "26.5.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "26.5.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-model-jpa"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "26.5.6"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/issues/46723"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-3190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/keycloak/keycloak"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-280"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:46:10Z",
+    "nvd_published_at": "2026-03-26T19:17:06Z"
+  }
+}