| 제목 | Sipeed PicoClaw <= 0.2.9 Information Disclosure (CWE-200) |
|---|
| 설명 | # Technical Details
An information disclosure vulnerability exists in the `exec` command safety guard in `pkg/tools/shell.go` of PicoClaw.
The application fails to apply deny-pattern inspection after a command matches `custom_allow_patterns`. A command matching an allow rule such as `^jq\b` is treated as fully exempt from deny checks, allowing jq programs using `$ENV` or `env` to read process environment variables.
# Vulnerable Code
File: `pkg/tools/shell.go`
Method: `guardCommand`
Why: Sets `explicitlyAllowed = true` when a custom allow regex matches, then skips the deny-pattern loop entirely for that command line.
# Reproduction
1. Configure `custom_allow_patterns` to allow jq, for example `^jq\b`.
2. Configure deny patterns intended to block jq environment access, such as `$env` or `env`.
3. Invoke the `exec` tool with a jq payload that reads environment variables, such as `jq -n '$ENV'`.
4. Observe that the command is executed instead of being blocked and process environment data is disclosed.
# Impact
- Exposes runtime secrets stored in environment variables.
- May disclose API keys, provider credentials, proxy secrets, cloud credentials, and tokens.
- Defeats operator expectations that deny patterns remain enforced for allowlisted binaries. |
|---|
| 원천 | ⚠️ https://github.com/sipeed/picoclaw/issues/3079 |
|---|
| 사용자 | Eric-d (UID 96861) |
|---|
| 제출 | 2026. 06. 09. PM 12:16 (1 월 ago) |
|---|
| 모더레이션 | 2026. 07. 09. PM 08:07 (1 month later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 366374 [PicoClaw 까지 0.1.2 ExecTool pkg/tools/shell.go guardCommand 권한 상승] |
|---|
| 포인트들 | 0 |
|---|