| 제목 | AstrBotDevs AstrBot 4.23.6 Incorrect Authorization (CWE-863) |
|---|
| 설명 | # Technical Details
An Incorrect Authorization vulnerability exists in the `_normalize_rw_path` method in `astrbot/core/tools/computer_tools/fs.py` of AstrBot.
The application fails to restrict file write and edit operations by reusing the read-allowed roots authorization logic. The `FileWriteTool` and `FileEditTool` workflows rely on `_normalize_rw_path`, which only verifies if a path is within the allowed read roots. Because the global skills directory is included in these read roots, restricted non-admin users can supply absolute paths targeting the skills directory and successfully bypass authorization to modify global automation logic.
# Vulnerable Code
File: astrbot/core/tools/computer_tools/fs.py
Method: _normalize_rw_path
Why: The function checks authorization by comparing the requested path against `_read_allowed_roots`, which incorrectly permits write/edit operations to global read-only paths like the skills directory.
# Reproduction
1. Log in to the AstrBot dashboard as a non-admin restricted user.
2. Trigger the `FileWriteTool.call` or `FileEditTool.call` function by sending a chat message to the LLM (e.g., via `/api/chat/send`).
3. Supply an absolute path targeting the global skills directory, such as `.../data/skills/malicious/SKILL.md`.
4. Observe that the file is successfully created or edited despite the restricted user privileges.
# Impact
- Arbitrary modification of globally shared skills content.
- Persistent malicious skill injection into the environment.
- Potential Remote Code Execution (RCE) when injected skills are loaded or executed by the system. |
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/b5e4671ff68e4f9001d977180ef4f081 |
|---|
| 사용자 | Eric-a (UID 96353) |
|---|
| 제출 | 2026. 05. 07. PM 01:30 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 31. AM 09:14 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367490 [AstrBotDevs AstrBot 4.23.6 fs.py _normalize_rw_path 권한 상승] |
|---|
| 포인트들 | 20 |
|---|