| शीर्षक | Goclaw V0.4.0 Command execution |
|---|
| विवरण | GoClaw does not reject the unauthenticated connection if the token is wrong, but reduces the connection to an authenticated viewer. The permission engine mistakenly defaults many unexplicitly classified RPC methods as viewer accessible, resulting in low-privilege sessions still being able to read channels.instances.list, directly get the original agent_id (UUID) and call logs.tail to subscribe to the server-side logs, calling heartbeat.set / heartbeat.checklist.set / heartbeat.test, the heartbeat runner injects the prompt and HEARTBEAT.md written by the attacker into the agent execution stream. If the target agent has the exec tool capability, it will eventually fall to the host machine sh -c to form command execution. |
|---|
| स्रोत | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/866 |
|---|
| उपयोगकर्ता | AiSec (UID 97073) |
|---|
| सबमिशन | 13/04/2026 09:24 AM (2 महीनों पहले) |
|---|
| संयम | 30/04/2026 04:51 PM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360314 [nextlevelbuilder GoClaw/GoClaw Lite तक 3.8.5 RPC अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|