nextlevelbuilder GoClaw
- <= 3.13.2
An authorization bypass vulnerability has been identified in Nextlevelbuilder GoClaw versions up to 3.13.2. The issue arises in the exec approval process, where the system incorrectly treats different executables as the same trusted binary if they share a basename. This flaw allows an authenticated operator-level user to execute commands on the host without proper authorization, bypassing the intended approval process.
Exploitation of this vulnerability allows for unauthorized execution of commands on the host system, potentially leading to arbitrary code execution.
The vulnerability can be reproduced by first approving a command without a path, such as 'canary-bin', with the 'always=true' option. Then, a path-scoped command like './canary-bin' can be invoked without a second approval, even though it points to a different executable. This can be automated with a script that handles the approval process via WebSocket.
Users are advised to update to GoClaw versions after 3.13.2, where this vulnerability has been addressed.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.