| タイトル | nextlevelbuilder GoClaw <= 3.11.3 Missing Authorization (CWE-862) |
|---|
| 説明 | # Technical Details
A Missing Authorization vulnerability exists in the `TeamTasksTool.executeComplete` method in `internal/tools/team_tasks_lifecycle.go` of GoClaw.
The application fails to verify that the caller completing a team task is the current task owner. The vulnerable flow is reachable through `POST /v1/tools/invoke` with `team_tasks(action=complete)`. `executeComplete()` attempts to auto-claim the task with `ClaimTask()` but ignores any claim failure, then calls `CompleteTask()` anyway. The SQLite and PostgreSQL storage implementations complete the task using only `id`, `status = in_progress`, `team_id`, and `tenant_id`, without checking `owner_agent_id` or lock ownership.
# Vulnerable Code
File: internal/tools/team_tasks_lifecycle.go
Method: TeamTasksTool.executeComplete
Why: The method ignores `ClaimTask()` failure and proceeds to complete the task even if it is already claimed by another agent.
File: internal/store/sqlitestore/teams_tasks_lifecycle.go
Method: SQLiteTeamStore.CompleteTask
Why: The update marks any in-progress task in the same team and tenant as completed without verifying that the caller owns the task.
File: internal/store/pg/teams_tasks_lifecycle.go
Method: PGTeamStore.CompleteTask
Why: The PostgreSQL backend contains the same missing ownership check, making the issue backend-independent.
File: internal/tools/team_tasks_read.go
Method: TeamTasksTool.executeList
Why: Team-wide task listing for teammate/system channels can expose task IDs needed by a same-team attacker.
# Reproduction
1. Run a GoClaw instance with the `team_tasks` tool enabled.
2. Create or seed a team where `victim-agent` owns an in-progress task and `attacker-agent` is a different member of the same team.
3. Use the team task listing flow to obtain the victim task ID.
4. Invoke `POST /v1/tools/invoke` as the attacker with `team_tasks(action=complete)`, the victim `task_id`, and attacker-controlled `result` content.
5. Observe that the request succeeds and the database marks the victim-owned task as completed while replacing the stored result with attacker-controlled content.
6. Run a non-member control request and observe that it fails, confirming the flaw is missing per-task authorization for same-team members.
# Impact
- A malicious or compromised team member can complete another member's in-progress task.
- The attacker can overwrite the task result with arbitrary content.
- Downstream agent workflows, approvals, reviews, and audit trails may consume forged completion data.
- Multi-agent deployments that rely on task ownership as a trust boundary can suffer workflow integrity loss. |
|---|
| ソース | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1133 |
|---|
| ユーザー | Eric-h (UID 97582) |
|---|
| 送信 | 2026年05月14日 07:39 (21 日 ago) |
|---|
| モデレーション | 2026年06月02日 15:49 (19 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367925 [nextlevelbuilder GoClaw 迄 3.11.3 Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete 特権昇格] |
|---|
| ポイント | 20 |
|---|