제출 #855846: nextlevelbuilder GoClaw 3.13.2 Improper Authorization (CWE-285)정보

제목nextlevelbuilder GoClaw 3.13.2 Improper Authorization (CWE-285)
설명# Technical Details An Improper Authorization issue exists in the `CheckCommand` method in `internal/tools/exec_approval.go` of GoClaw. The application fails to consider command option semantics when classifying "safe" binaries under `tools.execApproval.security="full"` and `tools.execApproval.ask="on-miss"`. The public `POST /v1/tools/invoke` API lets authenticated operators reach `ExecTool.Execute()`, which calls `ExecApprovalManager.CheckCommand(command)`. That code auto-allows any basename in `safeBins`, including `sort` and `grep`, even when their options are used for file writes or recursive reads. # Vulnerable Code File: internal/tools/exec_approval.go Method: ExecApprovalManager.CheckCommand Why: In full-security mode, the code returns `allow` if `m.matchesAllowlist(command) || m.isSafeBin(command)`. The built-in `safeBins` set includes `"sort": true` and `"grep": true`, so `sort -o sort-output.txt input.txt` writes files and `grep -R PATTERN .` recursively reads workspace contents without human approval. # Reproduction 1. Configure GoClaw `3.13.2` with `tools.execApproval.security="full"` and `tools.execApproval.ask="on-miss"`. 2. Send a control `exec` request such as `touch should-require-approval.txt` and verify it creates a pending approval. 3. Send `sort -o sort-output.txt input.txt` or `grep -R SAFE_BINS_STDIN_ONLY_BYPASS_CANARY .` through `POST /v1/tools/invoke` and observe that the actions run without pending approval. # Impact - Operators can write files with `sort -o` and recursively read workspace contents with `grep -R` without review. - This defeats the approval workflow administrators expect to protect the `exec` tool.
원천⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1206
사용자 Eric-e (UID 97581)
제출2026. 06. 11. AM 10:38 (1 월 ago)
모더레이션2026. 07. 13. PM 07:24 (1 month later)
상태중복
VulDB 항목378127 [nextlevelbuilder GoClaw 3.11.3 exec_approval.go ExecApprovalManager.CheckCommand 권한 상승]
포인트들0

Do you want to use VulDB in your project?

Use the official API to access entries easily!