PT-2026-60962 · Nextlevelbuilder · Goclaw
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
nextlevelbuilder GoClaw versions prior to 3.13.3
Description
An incorrect authorization issue exists in the WebSocket Approval Endpoint. A remote attacker can manipulate the
RequestApproval() function within the internal/tools/exec approval.go file to bypass authorization mechanisms.Recommendations
Update nextlevelbuilder GoClaw to version 3.13.3 or later.
As a temporary mitigation, restrict access to the WebSocket Approval Endpoint to minimize the risk of exploitation.
Exploit
Fix
Incorrect Authorization
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Goclaw