{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/qclaw/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["openclaw"],"_cs_severities":["high"],"_cs_tags":["npm","vulnerability","persistence"],"_cs_type":"advisory","_cs_vendors":["qclaw"],"content_html":"\u003cp\u003eA critical vulnerability exists in versions of the \u003ccode\u003eopenclaw\u003c/code\u003e npm package prior to 2026.4.10. The vulnerability stems from insufficient access control within the gateway's \u003ccode\u003eoperator.write\u003c/code\u003e message-tool paths. These paths inadvertently provide access to Matrix profile persistence functions that are intended to be restricted to administrator-level privileges. This means that attackers could potentially modify sensitive Matrix profile configurations without proper authorization. The vulnerability was addressed in version 2026.4.10 and subsequent releases, with \u003ccode\u003eopenclaw@2026.4.14\u003c/code\u003e incorporating the fix. This issue was reported and resolved with contributions from multiple security researchers and sponsors, highlighting its potential impact on affected systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to a system with the vulnerable \u003ccode\u003eopenclaw\u003c/code\u003e package installed.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eoperator.write\u003c/code\u003e message intended to exploit the exposed Matrix profile persistence functionality.\u003c/li\u003e\n\u003cli\u003eThe crafted message bypasses intended access controls due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe malicious message reaches the vulnerable Matrix profile persistence component.\u003c/li\u003e\n\u003cli\u003eThe component processes the message without proper authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies sensitive Matrix profile configurations, such as user permissions or system settings.\u003c/li\u003e\n\u003cli\u003eThe modified configuration persists across system restarts due to the compromised persistence mechanism.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the modified profile configuration to escalate privileges or gain unauthorized access to sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow attackers to gain unauthorized control over Matrix profile configurations. This could lead to privilege escalation, unauthorized access to sensitive data, and potential disruption of service. While the exact scope of potential victims is unknown, any system running a vulnerable version of the \u003ccode\u003eopenclaw\u003c/code\u003e package is at risk. This could impact various sectors relying on the package for their operations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade the \u003ccode\u003eopenclaw\u003c/code\u003e npm package to version 2026.4.10 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor npm package installations and updates within your environment to detect and prevent the use of vulnerable versions of \u003ccode\u003eopenclaw\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and input validation on message-tool paths to prevent unauthorized access to sensitive functionalities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-openclaw-config-persistence/","summary":"A vulnerability in the openclaw npm package before version 2026.4.10 allows unauthorized modification of Matrix profile configurations via the `operator.write` message tool.","title":"OpenClaw Matrix Profile Config Persistence Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-openclaw-config-persistence/"}],"language":"en","title":"CraftedSignal Threat Feed - Qclaw","version":"https://jsonfeed.org/version/1.1"}