Invia #856857: nextlevelbuilder GoClaw 3.13.2 Missing Authorization (CWE-862)informazioni

Titolonextlevelbuilder GoClaw 3.13.2 Missing Authorization (CWE-862)
Descrizione# Technical Details A cross-agent authorization bypass exists in the `ToolsInvokeHandler.ServeHTTP()` method in `internal/http/tools_invoke.go` of GoClaw. The application accepts a user-controlled `agentId` field in the request body, resolves it via `agentStore.GetByKey`, and injects the resolved agent UUID into context with `store.WithAgentID` without calling `CanAccess`. This allows an authenticated caller with only `operator.write` privileges to create cron jobs bound to another user's private agent, bypassing the access control that correctly blocks direct reads of the same agent with HTTP 403. # Vulnerable Code File: internal/http/tools_invoke.go Method: ToolsInvokeHandler.ServeHTTP() Why: The handler resolves `agentId` from the request and injects it into context without an authorization check. Direct agent reads in `internal/http/agents.go` enforce `CanAccess`, but the tool invocation path skips this check. The `cron` tool consumes the injected agent UUID and persists the attacker-chosen target into `cron_jobs.agent_id`. The scheduler later trusts this stored `job.AgentID` as the execution target, creating a stored cross-agent authorization bypass. # Reproduction 1. As `ownerA`, verify that `GET /v1/agents/owner-b-agent` returns `403 UNAUTHORIZED`. 2. As `ownerA`, send `POST /v1/tools/invoke` with `tool=cron` and `agentId=owner-b-agent` to create a cron job. 3. Observe HTTP 200 and the cron job is persisted with `user_id=ownerA` but `agent_id` bound to `ownerB`'s private agent. 4. Confirm in SQLite that `cron_jobs` contains a row where the bound `agent_key` is `owner-b-agent` and `owner_id` is `ownerB`. # Impact - Lower-privileged operators can plant stored scheduled work targeting another user's private agent. - The scheduled work will later run under the foreign agent's configuration, prompts, tools, and execution context. - Violates agent ownership boundaries and the scheduler's trust in persisted work items.
Fonte⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1217
Utente
 Eric-g (UID 96879)
Sottomissione12/06/2026 10:55 (1 mese fa)
Moderazione17/07/2026 17:57 (1 month later)
StatoAccettato
Voce VulDB379832 [nextlevelbuilder GoClaw fino a 3.13.2 Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP escalationi di privilegi]
Punti20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!