Gửi #857621: nextlevelbuilder GoClaw 3.13.3-beta.3 Authorization Bypass (CWE-285)thông tin

tiêu đềnextlevelbuilder GoClaw 3.13.3-beta.3 Authorization Bypass (CWE-285)
Mô tả# Technical Details An Authorization Bypass exists in the `detectWrapper` and secure-CLI gate path used by `ExecTool.Execute` in `goclaw/internal/tools/credentialed_exec.go` of GoClaw. The application fails to recognize PowerShell wrappers such as `pwsh -EncodedCommand` when unwrapping commands for secure-CLI enforcement. Because `pwsh` and `powershell` are omitted from `wrapperBinaries`, a registered high-risk CLI can be hidden inside encoded PowerShell text and bypass the intended grant check. # Vulnerable Code File: goclaw/internal/tools/credentialed_exec.go Method: detectWrapper / collectGateCandidates / ExecTool.Execute Why: The secure-CLI gate denies only binaries discovered through wrapper unwrapping. PowerShell wrappers are not treated as wrappers, so the protected inner binary never appears in the candidate list and no grant is enforced. # Reproduction 1. Download `verification_harness.go`, `verification_test.py`, and `control-normal-behavior.py` from the issue-linked gists. 2. Place the files together and, from the repository root, run `python3 llm-enhance/cve-finding/similar/Auth_Bypass/GHSA-3h2q-j2v4-6w5r-powershell-secure-cli-wrapper-exp/verification_test.py`. 3. Observe that a registered secure CLI such as `gh` executes through `pwsh -EncodedCommand` without the intended secure-CLI grant. # Impact - Authenticated operator-level callers or agents can execute protected credentialed CLIs without approval. - This can expose repository administration, cloud, cluster, release, or other privileged automation capabilities behind the wrapped CLI.
Nguồn⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1215
Người dùng
 Eric-x (UID 94869)
Đệ trình13/06/2026 05:06 (cách đây 1 tháng)
Kiểm duyệt18/07/2026 09:24 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB380015 [nextlevelbuilder GoClaw đến 3.13.3-beta.3 credentialed_exec.go ExecTool.Execute nâng cao đặc quyền]
điểm20

Do you want to use VulDB in your project?

Use the official API to access entries easily!