| タイトル | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918) |
|---|
| 説明 | # Technical Details
An SSRF vulnerability exists in the default `web_fetch` execution path in `tools/tool_web_fetch.go`, with configuration seeded by `config.Default()` and policy evaluation in `tools/web_fetch_policy.go`, of clawlet.
The application fails to deny loopback and RFC1918/private-network HTTP targets at runtime. The default configuration sets `AllowedDomains` to `["*"]`, and the fetch path checks only hostname policy before sending the request, so localhost and internal services remain reachable.
# Vulnerable Code
File: `config/config.go`, `tools/tool_web_fetch.go`, `tools/web_fetch_policy.go`
Method: `config.Default`, `(*Registry).webFetch`, `allowHostByPolicy`
Why: `config.Default()` creates a wildcard-allow web policy, and `(*Registry).webFetch` relies on `allowHostByPolicy` without any built-in loopback/private-IP deny check before `http.Client.Do`. The redirect callback repeats the same incomplete validation.
# Reproduction
1. Start a loopback canary HTTP server on the host running clawlet.
2. Invoke the real `tools.Registry.Execute("web_fetch", ...)` path under `config.Default()` with a URL pointing to `127.0.0.1`, `localhost`, or another internal HTTP endpoint.
3. Confirm the returned tool output contains the canary response body and the canary server records the inbound hit; then apply a restrictive domain policy to verify the control request is blocked.
# Impact
- Loopback-only and private-network HTTP services can be reached through the clawlet host.
- Sensitive internal responses can be disclosed directly to the model or caller.
- The host can be abused as a pivot for further internal HTTP interaction. |
|---|
| ソース | ⚠️ https://github.com/mosaxiv/clawlet/issues/14 |
|---|
| ユーザー | Eric-b (UID 96354) |
|---|
| 送信 | 2026年06月11日 09:05 (1 月 ago) |
|---|
| モデレーション | 2026年07月13日 18:57 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 378123 [mosaxiv clawlet 迄 0.2.10 tools/tool_web_fetch.go tools.webFetch 特権昇格] |
|---|
| ポイント | 20 |
|---|