提交 #856858: nextlevelbuilder GoClaw 3.13.3-beta.3 Server-Side Request Forgery (CWE-918)信息

标题nextlevelbuilder GoClaw 3.13.3-beta.3 Server-Side Request Forgery (CWE-918)
描述# Technical Details An SSRF protection bypass exists in the `CheckSSRF()` / `isPrivateIP()` function in `internal/tools/web_shared.go` of GoClaw. The application uses a hard-coded IPv4 blocklist that enumerates common private/reserved ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, etc.) but omits the IANA special-use/non-global IPv4 range `x.x.x.x/15`. The `web_fetch` tool calls `CheckSSRF(rawURL)` before issuing outbound requests, and because the blocklist is incomplete, requests to `x.x.x.x/15` addresses pass the SSRF gate and reach the real network sink via `client.Do(req)`. # Vulnerable Code File: internal/tools/web_shared.go Method: CheckSSRF() / isPrivateIP() Why: The `privateRanges` slice enumerates only {x.x.x.x/8, 10.0.0.0/8, 127.0.0.0/8, x.x.x.x/16, 172.16.0.0/12, 192.168.0.0/16, x.x.x.x/10} but omits the special-use range `x.x.x.x/15`. When `CheckSSRF()` is called with a URL targeting this range, it incorrectly classifies the destination as non-private, allowing the `web_fetch` tool to issue outbound HTTP requests to addresses that should be blocked by SSRF policy. # Reproduction 1. Start GoClaw gateway with SQLite on `127.0.0.1`. 2. Bind `x.x.x.x/32` to the loopback interface and start a canary HTTP listener on `x.x.x.x:18080`. 3. Invoke `POST /v1/tools/invoke` with `{"tool":"web_fetch","args":{"url":"http://x.x.x.x:18080/canary"}}`. 4. Observe HTTP 200 and the canary response body `special-use-ipv4-canary`. 5. Run the matched control against `http://127.0.0.1:18080/canary` — observe HTTP 400 with `SSRF protection: private IP address not allowed: 127.0.0.1`. # Impact - Authenticated operators can force the GoClaw server to connect to special-use/non-global IPv4 destinations that SSRF policy should deny. - Enables probing network reachability from the GoClaw host or container. - Allows reading HTTP responses from internal or special-route services bound to the `x.x.x.x/15` range. - Enables attacks against downstream internal services reachable only from the GoClaw network position. Vendor: zevorn Product: rt-claw Version: unreleased post-v0.2.0 (36d128f) Class: Incorrect Authorization (CWE-863) Link: https://github.com/zevorn/rt-claw/issues/133 ReqCVE: 1 Desc: # Technical Details An Incorrect Authorization vulnerability exists in the `handle_rpc_request()` method in `claw/services/swarm/swarm.c` of rt-claw. The application fails to enforce `CLAW_TOOL_LOCAL_ONLY` tool flags on the swarm RPC receiver path. The sender helper `swarm_rpc_call()` correctly refuses to delegate local-only tools, but the inbound receiver path at `handle_rpc_request()` parses attacker-controlled JSON from a UDP packet and directly invokes `claw_tool_invoke()` without checking whether the requested tool is flagged as local-only. This allows an unauthenticated remote peer to invoke `run_script` over UDP port 5300 and achieve arbitrary Python code execution on the Linux host. # Vulnerable Code File: claw/services/swarm/swarm.c (lines 300–339) Method: handle_rpc_request() Why: The receiver parses attacker-supplied `req->tool_name` and `req->payload`, then calls `claw_tool_invoke(tool, invoke_params, result)` with no check against `tool->flags & CLAW_TOOL_LOCAL_ONLY`. The sender-side check at `swarm_rpc_call()` (line 476–480) exists but is bypassed by crafting raw UDP packets directly to the listener. # Reproduction 1. Build rt-claw for Linux with `-Dosal=linux -Dswarm=true -Dtool_script=true` 2. Start the rtclaw binary, which binds UDP port 5300 3. Send a forged UDP swarm RPC packet with `tool_name="run_script"` and a JSON payload containing `"code": "print('udp-canary')"` 4. Observe the RPC response returns `status=0` with the Python execution output 5. Run control: send the same tool request through the sender helper `swarm_rpc_call()` — it correctly rejects because of the local-only flag # Impact - Remote unauthenticated attacker can execute arbitrary Python code on the target Linux host with the privileges of the rtclaw process - Full compromise of confidentiality, integrity, and availability of the host - The same receiver-side authorization gap applies to any tool registered with CLAW_TOOL_LOCAL_ONLY
来源⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1218
用户
 Eric-g (UID 96879)
提交2026-06-12 10時55分 (1 月前)
管理2026-07-17 17時57分 (1 month later)
状态已接受
VulDB条目379833 [nextlevelbuilder GoClaw 直到 3.15.0-beta.32 web_fetch web_shared.go CheckSSRF/isPrivateIP 权限提升]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!