| Title | nextlevelbuilder GoClaw >= v2.8.1, <= v3.11.3 Missing Authentication for Critical Function (CWE-306); Insufficient Verification of Data Authenticity (CWE-345) |
|---|
| Description | # Technical Details
A missing-authentication and insufficient-verification vulnerability exists in the `resolveAuth` authentication flow in `internal/http/auth.go` and in the webhook verification handlers in `internal/channels/feishu/larkevents.go` and `internal/channels/pancake/webhook_handler.go` of GoClaw.
When `GOCLAW_GATEWAY_TOKEN` is unset or empty, the HTTP authentication resolver fails open and treats unauthenticated requests as authenticated `RoleAdmin` callers. Sensitive routes such as `POST /v1/tools/invoke`, MCP server management routes, API key management, storage mutation endpoints, backup/restore operations, and other `requireAuth(...)` routes then trust that admin result. Separately, Feishu and Pancake webhook handlers skip token or HMAC verification entirely when their verification secret is blank, allowing forged webhook events to be accepted as trusted input.
# Vulnerable Code
File: internal/http/auth.go
Method: resolveAuth
Why: If the configured gateway token is empty, the function returns an authenticated admin result instead of denying unauthenticated requests.
File: internal/http/tools_invoke.go
Method: tools invoke handler
Why: The handler trusts `resolveAuth()` and only requires operator-or-higher privileges, so the fail-open admin result allows unauthenticated tool execution.
File: internal/http/mcp.go
Method: MCPHandler.RegisterRoutes / MCPHandler.adminAuth
Why: Sensitive MCP management routes are protected through `requireAuth(...)`, which inherits the fail-open authentication result.
File: internal/channels/feishu/larkevents.go
Method: Feishu webhook event handler
Why: Token verification is conditional on `verificationToken` being non-empty, so blank configuration disables authenticity checks.
File: internal/channels/pancake/webhook_handler.go
Method: Pancake webhook handler
Why: HMAC signature verification is conditional on `target.webhookSecret` being non-empty, so blank configuration allows unsigned forged events.
# Reproduction
1. Deploy GoClaw with `GOCLAW_GATEWAY_TOKEN` unset or empty and expose the HTTP listener.
2. Ensure `POST /v1/tools/invoke` is enabled and at least one built-in tool such as `file_read` is registered.
3. Send `POST /v1/tools/invoke` without an `Authorization` header.
4. Observe that the request is accepted and the tool executes because `resolveAuth()` returns an authenticated admin role.
5. For the webhook path, configure a Feishu or Pancake channel without `verification_token` or `webhook_secret`.
6. Send a forged webhook payload to the exposed callback URL.
7. Observe that the forged event is accepted with HTTP 200 and forwarded into the normal message-processing flow.
# Impact
- Remote unauthenticated attackers can call privileged HTTP APIs when the gateway token is blank.
- Attackers may execute enabled tools, potentially causing file disclosure, file writes, SSRF, command execution through installed tools, tenant-wide configuration changes, or environment compromise.
- Forged webhook events can be injected into Feishu or Pancake integrations when verification secrets are absent.
- The agent may execute actions based on attacker-controlled messages that are treated as trusted inbound events. |
|---|
| Source | https://github.com/nextlevelbuilder/goclaw/issues/1134 |
|---|
| User | Eric-h (UID 97582) |
|---|
| Submitted | 2026-05-14 07:40 (21 days ago) |
|---|
| Moderated | 2026-06-02 15:49 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 367926 [nextlevelbuilder GoClaw up to 3.11.3 Webhook Verification internal/http/auth.go resolveAuth weak authentication] |
|---|
| Points | 20 |
|---|
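As an added illustration, not GoClaw's own code, the fail-open pattern described under Technical Details is shown beside a fail-closed version, together with a webhook verifier that rejects rather than skips the check when its secret is blank. The bearer-token header, the hex SHA-256 HMAC format and every function name here are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"strings"
)

// isAdmin checks the bearer token against the configured one in constant time.
func isAdmin(configured string, r *http.Request) bool {
	presented := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	return hmac.Equal([]byte(presented), []byte(configured))
}

// resolveAuthFailOpen models the reported defect: a blank configured token
// yields an admin result for every request, even one with no header at all.
func resolveAuthFailOpen(configured string, r *http.Request) bool {
	if configured == "" {
		return true
	}
	return isAdmin(configured, r)
}

// resolveAuthFailClosed treats a blank token as a misconfiguration: nothing
// is authenticated until GOCLAW_GATEWAY_TOKEN is actually set.
func resolveAuthFailClosed(configured string, r *http.Request) bool {
	if configured == "" {
		return false
	}
	return isAdmin(configured, r)
}

// signBody returns the hex SHA-256 HMAC (assumed scheme) a sender attaches.
func signBody(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// verifyWebhookHMAC rejects when the secret is blank instead of skipping
// the check, so an unconfigured channel cannot accept forged events.
func verifyWebhookHMAC(secret string, body []byte, sigHex string) bool {
	if secret == "" {
		return false
	}
	return hmac.Equal([]byte(sigHex), []byte(signBody(secret, body)))
}
```

Both resolvers return the same result once a token is configured; the difference is only what an empty configuration means, which is exactly where the advisory places the flaw.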