princezuda SafestClaw
- <= 4.2.4
A command-execution policy bypass vulnerability has been identified in princezuda SafestClaw versions through 4.2.4. The issue resides in the built-in web interface's shell action, specifically within the command validation function. The vulnerability allows local execution of denied commands by exploiting an incomplete allowlist. When a command is sent through the web interface, the parser extracts it and forwards it to the shell action without proper validation of the effective executable. This oversight enables the invocation of blocked interpreters, such as bash, by wrapping them in approved commands like 'env'. As a result, the bypassed command executes with the same privileges as the SafestClaw process, potentially accessing sensitive files, environment variables, and network resources.
Exploitation of this vulnerability bypasses the intended command approval process, allowing unauthorized execution of shell commands. This could lead to unauthorized access or manipulation of system resources, files, and environment variables, as well as network capabilities, depending on the executed command.
The vulnerability can be reproduced by sending a command through the SafestClaw web interface's message API that includes 'env' followed by a blocked interpreter command, such as 'bash -c id'. This command will be executed despite bash being explicitly disallowed, demonstrating the allowlist bypass.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.