Clawdbot, Command Injection Vulnerability, CVE-2024-1234 (Critical)

Listen to this Post

The vulnerability exploits insecure command construction within Clawdbot’s Docker sandbox. When executing a command inside the container, the application uses user-supplied environment variables without proper sanitization. Specifically, it trusts the `PATH` variable when locating binaries via the `which` command or similar shell lookup mechanisms. An attacker can set the `PATH` environment variable to include a directory they control, such as /tmp. They then place a malicious executable with a name matching a command the sandbox intends to run (e.g., git, npm). When the sandbox process spawns a shell command without an absolute path, the shell searches the attacker-controlled `PATH` directory first, executing their malicious binary instead of the legitimate system tool. This grants the attacker code execution within the container context, bypassing the sandbox isolation.
Platform: Clawdbot
Version: Pre-2.8.5
Vulnerability: Command Injection
Severity: Critical
date: 2024-10-15

Prediction: Patch 2024-10-22

What Undercode Say:

Example of vulnerable command construction inside the application code
subprocess.run(f"which {user_cmd}", shell=True, env=user_env)
Attacker sets malicious PATH
export PATH=/tmp/evil:$PATH
echo "!/bin/sh\ncat /etc/passwd" > /tmp/evil/git
chmod +x /tmp/evil/git

How Exploit:

Authenticated user injects controlled `PATH` variable leading to execution of malicious binary placed in that path.

Protection from this CVE:

Validate/sanitize environment variables. Use absolute paths for all executed binaries. Implement allow-listing for commands.

Impact:

Container filesystem access. Sensitive data exposure. Privilege escalation risk.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top