| Titre | nextlevelbuilder GoClaw 3.13.2 Missing Authorization (CWE-862) |
|---|
| Description | # Technical Details
A cross-agent authorization bypass exists in the `ToolsInvokeHandler.ServeHTTP()` method in `internal/http/tools_invoke.go` of GoClaw.
The application accepts a user-controlled `agentId` field in the request body, resolves it via `agentStore.GetByKey`, and injects the resolved agent UUID into context with `store.WithAgentID` without calling `CanAccess`. This allows an authenticated caller with only `operator.write` privileges to create cron jobs bound to another user's private agent, bypassing the access control that correctly blocks direct reads of the same agent with HTTP 403.
# Vulnerable Code
File: internal/http/tools_invoke.go
Method: ToolsInvokeHandler.ServeHTTP()
Why: The handler resolves `agentId` from the request and injects it into context without an authorization check. Direct agent reads in `internal/http/agents.go` enforce `CanAccess`, but the tool invocation path skips this check. The `cron` tool consumes the injected agent UUID and persists the attacker-chosen target into `cron_jobs.agent_id`. The scheduler later trusts this stored `job.AgentID` as the execution target, creating a stored cross-agent authorization bypass.
# Reproduction
1. As `ownerA`, verify that `GET /v1/agents/owner-b-agent` returns `403 UNAUTHORIZED`.
2. As `ownerA`, send `POST /v1/tools/invoke` with `tool=cron` and `agentId=owner-b-agent` to create a cron job.
3. Observe HTTP 200 and the cron job is persisted with `user_id=ownerA` but `agent_id` bound to `ownerB`'s private agent.
4. Confirm in SQLite that `cron_jobs` contains a row where the bound `agent_key` is `owner-b-agent` and `owner_id` is `ownerB`.
# Impact
- Lower-privileged operators can plant stored scheduled work targeting another user's private agent.
- The scheduled work will later run under the foreign agent's configuration, prompts, tools, and execution context.
- Violates agent ownership boundaries and the scheduler's trust in persisted work items. |
|---|
| La source | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1217 |
|---|
| Utilisateur | Eric-g (UID 96879) |
|---|
| Soumission | 12/06/2026 10:55 (il y a 1 mois) |
|---|
| Modérer | 17/07/2026 17:57 (1 month later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 379832 [nextlevelbuilder GoClaw jusqu’à 3.13.2 Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP élévation de privilèges] |
|---|
| Points | 20 |
|---|