PicoClaw Command Injection Vulnerability in Web Launcher Management Plane

Vulnerability

A command injection vulnerability has been identified in PicoClaw versions through 0.2.4. The issue resides in the Web Launcher Management Plane, specifically in an unspecified function behind the '/api/gateway/restart' endpoint. Because the management interface can be reached without authentication, a remote attacker can manipulate the application into executing arbitrary commands. Once the injected command is executed, the result is unauthorized remote code execution on the server.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the server where PicoClaw is running.

Reproduction

To reproduce this vulnerability, deploy PicoClaw version 0.2.4 and ensure that the Web Launcher management plane is reachable without authentication. This is the case when the PicoClaw launcher is started with the '-public' flag, or when access is allowed from the same CIDR segment because the 'allowed_cidrs' parameter imposes no restriction. Once the application is running, send a POST request to '/api/gateway/restart' with a payload that includes the command to be executed. When the gateway restarts, the injected command is executed as a process hook, resulting in remote code execution.

Remediation

It is recommended to add mandatory identity authentication to the management interface and to implement strict input validation for any command values accepted into the configuration. Until a fixed version is deployed, the exposure conditions described above should be avoided: do not launch with '-public', and restrict 'allowed_cidrs' to trusted hosts only.
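The following is an added illustration of the two remediation measures above, written for this page and not taken from the PicoClaw project. It assumes a Go HTTP handler for a launcher-style restart endpoint with a JSON body; the type names, the bearer-token scheme, the hook allowlist and the sample token are all constructed for the example. The hook is received as a structured path plus argument list, checked against an allowlist, and handed to exec.Command as argv, so no shell ever parses request-controlled text; the handler refuses the request before any of that if the caller fails the source-CIDR check or presents a bad token.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"net"
	"net/http"
	"os/exec"
	"regexp"
	"strings"
)

// Constructed example, not PicoClaw's code: a hardened management-plane
// restart endpoint. Names, schema and allowlist below are assumptions.

// allowedHookBinaries is the set of executables a restart hook may invoke.
var allowedHookBinaries = map[string]bool{
	"/usr/bin/systemctl": true,
	"/usr/bin/logger":    true,
}

// hookArgPattern is a conservative character class for hook arguments;
// shell metacharacters never match, even though no shell is used anyway.
var hookArgPattern = regexp.MustCompile(`^[A-Za-z0-9._@:/=-]+$`)

var (
	errUnauthorized    = errors.New("unauthorized")
	errForbiddenSource = errors.New("source address not allowed")
	errBadHook         = errors.New("hook rejected by validation")
)

// RestartRequest is the expected JSON body. The hook is structured data,
// never a single command string that would have to be shell-parsed.
type RestartRequest struct {
	Hook struct {
		Path string   `json:"path"`
		Args []string `json:"args"`
	} `json:"hook"`
}

// ValidateHook accepts only allowlisted binaries with well-formed arguments.
func ValidateHook(path string, args []string) error {
	if !allowedHookBinaries[path] {
		return errBadHook
	}
	for _, a := range args {
		if !hookArgPattern.MatchString(a) {
			return errBadHook
		}
	}
	return nil
}

// BuildHookCommand returns an exec.Cmd whose argv goes straight to the OS.
func BuildHookCommand(path string, args []string) (*exec.Cmd, error) {
	if err := ValidateHook(path, args); err != nil {
		return nil, err
	}
	return exec.Command(path, args...), nil
}

// Authorizer carries the admin bearer token and the allowed source networks.
type Authorizer struct {
	Token        string
	AllowedCIDRs []*net.IPNet
}

// Check enforces a source-IP allowlist and a constant-time token comparison.
func (a *Authorizer) Check(r *http.Request) error {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return errForbiddenSource
	}
	ip := net.ParseIP(host)
	allowed := false
	for _, n := range a.AllowedCIDRs {
		if ip != nil && n.Contains(ip) {
			allowed = true
			break
		}
	}
	if !allowed {
		return errForbiddenSource
	}
	got := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	if a.Token == "" || subtle.ConstantTimeCompare([]byte(got), []byte(a.Token)) != 1 {
		return errUnauthorized
	}
	return nil
}

// RestartHandler authenticates, validates the hook, then delegates execution
// to run so the handler itself stays side-effect free and testable.
func RestartHandler(a *Authorizer, run func(*exec.Cmd) error) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		switch err := a.Check(r); err {
		case nil:
		case errForbiddenSource:
			w.WriteHeader(http.StatusForbidden)
			return
		default:
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		var req RestartRequest
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&req); err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		cmd, err := BuildHookCommand(req.Hook.Path, req.Hook.Args)
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		if err := run(cmd); err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	}
}
```

The ordering matters: network and token checks run before the body is even decoded, so an unauthenticated caller on a public interface gets a 401/403 and never reaches the hook logic, which is the failure the advisory describes. Passing argv to exec.Command rather than interpolating into a shell string is what removes the injection class itself; the allowlist and argument pattern then limit what an authenticated but compromised operator can make the launcher run.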

Added: Apr 25, 2026, 5:18 PM
Updated: Apr 25, 2026, 5:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 6.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.