| Title | nextlevelbuilder GoClaw 3.13.2 Incorrect Authorization (CWE-863) |
|---|
| Description | # Technical Details
An Exec Approval Bypass via BusyBox-wrapped `allow-always` exists in the `RequestApproval()` method in `internal/tools/exec_approval.go` of GoClaw.
The application's approval cache persists `allow-always` decisions using only `extractBin(command)`, which returns the basename of the first token (e.g., `busybox`). This means once an operator permanently approves one BusyBox-wrapped shell command (`busybox sh -c 'echo warmup-ok'`), all subsequent `busybox sh -c ...` payloads bypass re-approval because they resolve to the same cache key.
# Vulnerable Code
File: internal/tools/exec_approval.go
Method: RequestApproval() and matchesAllowlist()
Why: `RequestApproval()` persists `allow-always` using only `extractBin(command)` which returns `filepath.Base(fields[0])`. `matchesAllowlist()` later checks only that same extracted basename. For `/usr/bin/busybox sh -c '...'`, the stored trust key is `busybox`, and any subsequent `busybox sh -c '<arbitrary payload>'` matches the same key, executing without new approval.
# Reproduction
1. Configure GoClaw with `tools.execApproval.security=full` and `ask=on-miss`.
2. Approve `/usr/bin/busybox sh -c 'echo warmup-ok'` with `allow-always` via the WebSocket approval endpoint.
3. Invoke `/usr/bin/busybox sh -c 'id > marker'` via `POST /v1/tools/invoke`.
4. Observe: no second approval event, HTTP 200 returned, and `marker` file contains `uid=0(root)`.
5. Control test: repeat with `allow-once` — a second approval event fires, denial returns HTTP 400, no marker file created.
# Impact
- Arbitrary command execution with the GoClaw process's host privileges after a single BusyBox approval
- Workspace file read/write and tampering
- Credential, config, source, or token extraction from the host environment
- Follow-on system compromise depending on deployment context |
|---|
| Source | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1212 |
|---|
| User | Erichen (UID 98955) |
|---|
| Submission | 06/12/2026 10:39 (1 month ago) |
|---|
| Moderation | 07/17/2026 17:57 (1 month later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 379828 [nextlevelbuilder GoClaw up to 3.13.2 WebSocket Approval Endpoint exec_approval.go RequestApproval authorization] |
|---|
| Points | 20 |
|---|