Gửi #821938: nextlevelbuilder goclaw <= v3.11.3 Improper Authorization (CWE-285)thông tin

tiêu đề	nextlevelbuilder goclaw <= v3.11.3 Improper Authorization (CWE-285)
Mô tả	# Technical Details An Evolution Suggestion Authorization Bypass exists in the `PATCH /v1/agents/{agentID}/evolution/suggestions/{suggestionID}` endpoint in `internal/http/evolution_handlers.go` of goclaw. The application fails to set an explicit role requirement in the access control middleware, using `requireAuth("", next)` which dynamically resolves to `RoleOperator` for PATCH. Gateway Tokens forcibly elevate users to `RoleAdmin` for the request context, bypassing this check. Furthermore, the endpoint lacks tenant-level admin verification checks, allowing unauthenticated or low-privilege users (e.g., Viewers) to approve, reject, or modify system-generated Evolution Suggestions. # Vulnerable Code File: internal/http/evolution_handlers.go Method: auth Why: The handler incorrectly sets an empty minimum role `requireAuth("", next)`, which auto-resolves to the weak `RoleOperator` for the HTTP PATCH method and gets bypassed by gateway tokens without secondary tenant checks. # Reproduction 1. Start up the GoClaw environment with the standard Gateway Token mechanism. 2. Ensure there is a pending system-generated evolution suggestion in the database (e.g., `tool_order` suggestion). 3. Issue a `PATCH` HTTP request against the endpoint using a low privilege (Viewer) identity. 4. Observe that the low privilege identity successfully approves or rejects the suggestion. # Impact - Administrative Privilege Escalation via the Gateway Token dynamic role assumption gap. - Attackers with only `Viewer` permissions can deny important structural configuration tuning requests, apply untested threshold changes, or forcefully disable Built-in capability tools, causing significant functional degradations (Denial of Service) globally for all users.
Nguồn	⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1120
Người dùng	Eric-b (UID 96354)
Đệ trình	07/05/2026 13:51 (cách đây 30 ngày)
Kiểm duyệt	31/05/2026 09:41 (24 days later)
Trạng thái	được chấp nhận
Mục VulDB	367497 [nextlevelbuilder GoClaw đến 3.11.3 evolution_handlers.go auth nâng cao đặc quyền]
điểm	20

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!