Soumettre #856857: nextlevelbuilder GoClaw 3.13.2 Missing Authorization (CWE-862)information

Titrenextlevelbuilder GoClaw 3.13.2 Missing Authorization (CWE-862)
Description# Technical Details A cross-agent authorization bypass exists in the `ToolsInvokeHandler.ServeHTTP()` method in `internal/http/tools_invoke.go` of GoClaw. The application accepts a user-controlled `agentId` field in the request body, resolves it via `agentStore.GetByKey`, and injects the resolved agent UUID into context with `store.WithAgentID` without calling `CanAccess`. This allows an authenticated caller with only `operator.write` privileges to create cron jobs bound to another user's private agent, bypassing the access control that correctly blocks direct reads of the same agent with HTTP 403. # Vulnerable Code File: internal/http/tools_invoke.go Method: ToolsInvokeHandler.ServeHTTP() Why: The handler resolves `agentId` from the request and injects it into context without an authorization check. Direct agent reads in `internal/http/agents.go` enforce `CanAccess`, but the tool invocation path skips this check. The `cron` tool consumes the injected agent UUID and persists the attacker-chosen target into `cron_jobs.agent_id`. The scheduler later trusts this stored `job.AgentID` as the execution target, creating a stored cross-agent authorization bypass. # Reproduction 1. As `ownerA`, verify that `GET /v1/agents/owner-b-agent` returns `403 UNAUTHORIZED`. 2. As `ownerA`, send `POST /v1/tools/invoke` with `tool=cron` and `agentId=owner-b-agent` to create a cron job. 3. Observe HTTP 200 and the cron job is persisted with `user_id=ownerA` but `agent_id` bound to `ownerB`'s private agent. 4. Confirm in SQLite that `cron_jobs` contains a row where the bound `agent_key` is `owner-b-agent` and `owner_id` is `ownerB`. # Impact - Lower-privileged operators can plant stored scheduled work targeting another user's private agent. - The scheduled work will later run under the foreign agent's configuration, prompts, tools, and execution context. - Violates agent ownership boundaries and the scheduler's trust in persisted work items.
La source⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1217
Utilisateur
 Eric-g (UID 96879)
Soumission12/06/2026 10:55 (il y a 1 mois)
Modérer17/07/2026 17:57 (1 month later)
StatutAccepté
Entrée VulDB379832 [nextlevelbuilder GoClaw jusqu’à 3.13.2 Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP élévation de privilèges]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!