Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 9fad12024f92 · 2026-03-05T22:00:02.000Z
GHSA-c37p-4qqg-3p76 GHSA-jc5m-wrp2-qq38 GHSA-v892-hwpg-jwqp
diff --git a/advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json b/advisories/github-reviewed/2026/02/GHSA-c37p-4qqg-3p76/GHSA-c37p-4qqg-3p76.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c37p-4qqg-3p76",
-  "modified": "2026-02-18T00:54:48Z",
+  "modified": "2026-03-05T21:59:26Z",
   "published": "2026-02-18T00:54:48Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-29606"
+  ],
   "summary": "OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled",
   "details": "## Summary\n\nA Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled.\n\n## Impact\n\nThis issue is limited to configurations that explicitly enable and expose the voice-call webhook endpoint.\n\nNot affected by default:\n- The voice-call extension is optional and disabled by default.\n- The bypass only applied when `tunnel.allowNgrokFreeTierLoopbackBypass` was explicitly enabled.\n- Exploitation required the webhook to be reachable (typically via a public ngrok URL during development).\n\nWorst case (when exposed and the option was enabled):\n- An external attacker could send forged requests to the publicly reachable webhook endpoint that would be accepted without a valid `X-Twilio-Signature`.\n- This could result in unauthorized webhook event handling (integrity) and request flooding (availability).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.13` (latest published as of 2026-02-14)\n- Patched versions: `>= 2026.2.14` (planned next release; pending publish)\n\n## Fix\n\n`allowNgrokFreeTierLoopbackBypass` no longer bypasses signature verification. It only enables trusting forwarded headers on loopback so the public ngrok URL can be reconstructed for correct signature validation.\n\nFix commit(s):\n- ff11d8793b90c52f8d84dae3fbb99307da51b5c9\n\nThanks @p80n-sec for reporting.",
   "severity": [
diff --git a/advisories/github-reviewed/2026/03/GHSA-jc5m-wrp2-qq38/GHSA-jc5m-wrp2-qq38.json b/advisories/github-reviewed/2026/03/GHSA-jc5m-wrp2-qq38/GHSA-jc5m-wrp2-qq38.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jc5m-wrp2-qq38",
+  "modified": "2026-03-05T21:58:02Z",
+  "published": "2026-03-05T21:58:02Z",
+  "aliases": [],
+  "summary": "Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint",
+  "details": "## Summary\n\nThe `/api/v1/account/forgot-password` endpoint returns the full user object including PII (id, name, email, status, timestamps) in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email address.\n\n## Vulnerability Details\n\n| Field | Value |\n|-------|-------|\n| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |\n| Affected File | `packages/server/src/enterprise/services/account.service.ts` (lines 517-545) |\n| Endpoint | `POST /api/v1/account/forgot-password` |\n| Authentication | None required |\n| CVSS 3.1 | 3.7 (Low) |\n\n## Root Cause\n\nIn `account.service.ts`, the `forgotPassword` method returns the sanitized user object instead of a simple success acknowledgment:\n\n```typescript\npublic async forgotPassword(data: AccountDTO) {\n    // ...\n    const user = await this.userService.readUserByEmail(data.user.email, queryRunner)\n    if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)\n\n    data.user = user\n    // ... password reset logic ...\n\n    return sanitizeUser(data.user)  // Returns user object with PII\n}\n```\n\nThe `sanitizeUser` function only removes sensitive authentication fields:\n\n```typescript\nexport function sanitizeUser(user: Partial<User>) {\n    delete user.credential    // password hash\n    delete user.tempToken     // reset token\n    delete user.tokenExpiry\n\n    return user  // Still contains: id, name, email, status, createdDate, updatedDate\n}\n```\n\n## Impact\n\nAn unauthenticated attacker can:\n\n1. **Harvest PII**: Collect user IDs, full names, and account metadata\n2. **Profile users**: Determine account creation dates and activity patterns\n3. **Enumerate accounts**: Confirm email existence and gather associated data\n4. **Enable further attacks**: Use harvested data for social engineering or targeted phishing\n\n## Exploitation\n\n```bash\ncurl -X POST \"https://cloud.flowiseai.com/api/v1/account/forgot-password\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"user\":{\"email\":\"victim@example.com\"}}'\n```\n\n### Evidence\n\n**Request:**\n```http\nPOST /api/v1/account/forgot-password HTTP/1.1\nHost: cloud.flowiseai.com\nContent-Type: application/json\n\n{\"user\":{\"email\":\"vefag54010@naprb.com\"}}\n```\n\n**Response (201 Created):**\n```json\n{\n    \"id\": \"56c3fc72-4e85-49c9-a4b5-d1a46b373a12\",\n    \"name\": \"Vefag naprb\",\n    \"email\": \"vefag54010@naprb.com\",\n    \"status\": \"active\",\n    \"createdDate\": \"2026-01-17T15:21:59.152Z\",\n    \"updatedDate\": \"2026-01-17T15:35:06.492Z\",\n    \"createdBy\": \"56c3fc72-4e85-49c9-a4b5-d1a46b373a12\",\n    \"updatedBy\": \"56c3fc72-4e85-49c9-a4b5-d1a46b373a12\"\n}\n```\n\n<img width=\"1582\" height=\"791\" alt=\"screenshot\" src=\"https://github.com/user-attachments/assets/9880f037-6e21-41d7-a7c8-7057c6775b50\" />\n\n## Exposed Data\n\n| Field | Risk |\n|-------|------|\n| `id` | Internal user UUID - enables targeted attacks |\n| `name` | Full name - PII disclosure |\n| `email` | Email confirmation |\n| `status` | Account state information |\n| `createdDate` | User profiling |\n| `updatedDate` | Activity tracking |\n| `createdBy` / `updatedBy` | Internal reference leak |\n\n## Expected Behavior\n\nA secure forgot-password endpoint should return a generic response regardless of whether the email exists:\n\n```json\n{\"message\": \"If this email exists, a password reset link has been sent.\"}\n```\n\n## References\n\n- [CWE-200: Exposure of Sensitive Information](https://cwe.mitre.org/data/definitions/200.html)\n- [OWASP Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#password-recovery)",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "flowise"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.0.13"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 3.0.12"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jc5m-wrp2-qq38"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/FlowiseAI/Flowise"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-05T21:58:02Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-v892-hwpg-jwqp/GHSA-v892-hwpg-jwqp.json b/advisories/github-reviewed/2026/03/GHSA-v892-hwpg-jwqp/GHSA-v892-hwpg-jwqp.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v892-hwpg-jwqp",
-  "modified": "2026-03-02T23:23:03Z",
+  "modified": "2026-03-05T21:59:02Z",
   "published": "2026-03-02T23:23:03Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-28486"
+  ],
   "summary": "OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands",
   "details": "## Summary\n\nA path traversal (Zip Slip) issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `>=2026.1.16-2 <2026.2.14`\n- Fixed version: `2026.2.14`\n\n## Affected Commands / Flows\n\nThis only affects users who run installation commands against an untrusted archive (local file or download URL), for example:\n\n- `openclaw skills install` (download+extract installers)\n- `openclaw hooks install` (archive installs)\n- `openclaw plugins install` (archive installs)\n- `openclaw signal install` (signal-cli asset extraction)\n\nIt is not triggered by receiving messages or normal gateway operation.\n\n## Impact\n\nArbitrary file write as the current user. In the worst case this can be used for persistence or code execution if an attacker can convince a user to install a crafted archive.\n\n## Fix\n\n- Fix commit: `3aa94afcfd12104c683c9cad81faf434d0dadf87`\n- Released in: `2026.2.14`\n\n## Credits\n\nOpenClaw thanks @markmusson for reporting.",
   "severity": [
