OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
Attack Parameters
Attack Vector
Local
Нужен локальный доступ
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании
CVSS Vector v4.0
Weakness Type (CWE)
References 3
https://github.com/openclaw/openclaw/commit/77b89719d5b7e271f48b6f49e334a8b9914…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-xvhf-x56f-2hpp
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-shell-exp…
disclosure@vulncheck.com