Listen to this Post
The vulnerability exploits insecure command construction within Clawdbot’s Docker sandbox. When executing a command inside the container, the application uses user-supplied environment variables without proper sanitization. Specifically, it trusts the `PATH` variable when locating binaries via the `which` command or similar shell lookup mechanisms. An attacker can set the `PATH` environment variable to include a directory they control, such as /tmp. They then place a malicious executable with a name matching a command the sandbox intends to run (e.g., git, npm). When the sandbox process spawns a shell command without an absolute path, the shell searches the attacker-controlled `PATH` directory first, executing their malicious binary instead of the legitimate system tool. This grants the attacker code execution within the container context, bypassing the sandbox isolation.
Platform: Clawdbot
Version: Pre-2.8.5
Vulnerability: Command Injection
Severity: Critical
date: 2024-10-15
Prediction: Patch 2024-10-22
What Undercode Say:
Example of vulnerable command construction inside the application code
subprocess.run(f"which {user_cmd}", shell=True, env=user_env)
Attacker sets malicious PATH
export PATH=/tmp/evil:$PATH
echo "!/bin/sh\ncat /etc/passwd" > /tmp/evil/git
chmod +x /tmp/evil/git
How Exploit:
Authenticated user injects controlled `PATH` variable leading to execution of malicious binary placed in that path.
Protection from this CVE:
Validate/sanitize environment variables. Use absolute paths for all executed binaries. Implement allow-listing for commands.
Impact:
Container filesystem access. Sensitive data exposure. Privilege escalation risk.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

