Summary
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
References
Related vulnerabilities
- HIGH GHSA-HJWC-26PJ-V3PM
  AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- HIGH GHSA-H2W2-V7J6-XQM4
  npm PraisonAI AgentLoop onToolCall approval runs after tool execution
- MEDIUM GHSA-QWXF-2M7M-2M3X
  Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
- HIGH GHSA-VRHC-3FR6-PC3C
  Open WebUI: Forged chat-file link allows cross-user file read and deletion
- HIGH GHSA-QXVM-PCFM-QC39
  Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
- MEDIUM GHSA-4HPG-MP64-X7XQ
  OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state