जमा करें #855847: nextlevelbuilder GoClaw 3.13.3-beta.3 Information Disclosure (CWE-200)जानकारी

शीर्षकnextlevelbuilder GoClaw 3.13.3-beta.3 Information Disclosure (CWE-200)
विवरण# Technical Details An Information Disclosure vulnerability exists in the `handleNavigate` method in `pkg/browser/tool.go` of GoClaw. The application fails to restrict browser navigation schemes. Through the authenticated `POST /v1/tools/invoke` browser path, `pkg/browser/tool.go` reads `args.targetUrl` and only checks that it is non-empty, while `pkg/browser/browser_page.go` passes the value directly to Rod's `page.Navigate(url)` without a scheme allowlist. An operator can navigate to `file://` URLs and then read the file contents back through the normal browser primitives `snapshot` or `act.evaluate`. # Vulnerable Code File: pkg/browser/tool.go Method: handleNavigate Why: The browser tool accepts attacker-controlled `targetUrl` and forwards it to `pkg/browser/browser_page.go`, which calls navigation on the supplied URL without blocking `file://`. The same session can then use `act.evaluate` to read `document.body.innerText` from the loaded local file. # Reproduction 1. Run GoClaw `3.13.3-beta.3` with the `browser` tool enabled and a reachable Chrome/Chromium CDP endpoint. 2. Use `POST /v1/tools/invoke` with `tool=browser`, `action=navigate`, and `args.targetUrl=file:///path/to/readable/local/file`. 3. Use `snapshot` or `act.evaluate` on the same tab and observe the local file contents in the response. # Impact - Authenticated operators can disclose arbitrary local files readable by the browser process account. - Sensitive configuration, logs, workspace data, tokens written to disk, and other local artifacts may be exposed.
स्रोत⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1207
उपयोगकर्ता Eric-e (UID 97581)
सबमिशन11/06/2026 10:38 AM (1 महीना पहले)
संयम13/07/2026 07:24 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि378129 [nextlevelbuilder GoClaw तक 3.13.3-beta.3 pkg/browser/tool.go handleNavigate args.targetUrl सूचना का प्रकटीकरण]
अंक20

Interested in the pricing of exploits?

See the underground prices here!