Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0104366417dd · 2026-04-21T15:17:44.000Z
GHSA-gfc2-9qmw-w7vh GHSA-m6rx-7pvw-2f73
diff --git a/advisories/github-reviewed/2026/04/GHSA-gfc2-9qmw-w7vh/GHSA-gfc2-9qmw-w7vh.json b/advisories/github-reviewed/2026/04/GHSA-gfc2-9qmw-w7vh/GHSA-gfc2-9qmw-w7vh.json
@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gfc2-9qmw-w7vh",
+  "modified": "2026-04-21T15:14:40Z",
+  "published": "2026-04-21T15:14:40Z",
+  "aliases": [
+    "CVE-2026-34839"
+  ],
+  "summary": "Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS",
+  "details": "### Summary\nThe Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy (`Access-Control-Allow-Origin: *`).\n\nThis allows a malicious website to read sensitive system information from a running Glances instance in the victim’s browser, leading to cross-origin data exfiltration.\n\nWhile a previous advisory exists for XML-RPC CORS issues, this report demonstrates that the REST API (`/api/4/*`) is also affected and exposes significantly more sensitive data.\n\n### Details\nWhen Glances is started in web mode (e.g., `glances -w -B 0.0.0.0`), it exposes a REST API endpoint at:\nhttp://<host>:61208/api/4/all\nThe server responds with:\nAccess-Control-Allow-Origin: *\n\nThis allows any origin to perform cross-origin requests and read responses.\n\nThe `/api/4/all` endpoint returns extensive system information, including:\n- Process list (`processlist`)\n- System details (hostname, OS, CPU info)\n- Memory and disk usage\n- Network interfaces and IP address\n- Running services and metrics\nBecause no authentication is required by default, this data is accessible to any web page.\n\n### PoC\n1. Start Glances:\nglances -w -B 0.0.0.0\n\n2. Create a malicious HTML file:\n\n```\n<!DOCTYPE html>\n<html>\n<body>\n<script>\nfetch(\"http://<victim-ip>:61208/api/4/all\")\n  .then(r => r.json())\n  .then(data => {\n    console.log(\"DATA:\", data);\n  });\n</script>\n</body>\n</html>\n```\n2. Open the file in a browser while Glances is running.\n3. Observe that the browser successfully retrieves sensitive system information from the API.\nThis works cross-origin (e.g., from file:// or attacker-controlled domains).\n\n### Impact\nA remote attacker can host a malicious website that, when visited by a victim running Glances, can:\n\n- Read sensitive system information\n- Enumerate running processes\n- Identify network configuration and IP addresses\n- Fingerprint the host system\n\nThis requires no authentication and no user interaction beyond visiting a web page. This represents a cross-origin information disclosure vulnerability and can aid further attacks such as reconnaissance or targeted exploitation.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "Glances"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "4.5.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34839"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nicolargo/glances/commit/fdfb977b1d91b5e410bc06c4e19f8bedb0005ce9"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/nicolargo/glances"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200",
+      "CWE-306",
+      "CWE-942"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-21T15:14:40Z",
+    "nvd_published_at": "2026-04-21T00:16:27Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-m6rx-7pvw-2f73/GHSA-m6rx-7pvw-2f73.json b/advisories/github-reviewed/2026/04/GHSA-m6rx-7pvw-2f73/GHSA-m6rx-7pvw-2f73.json
@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m6rx-7pvw-2f73",
+  "modified": "2026-04-21T15:16:16Z",
+  "published": "2026-04-21T15:16:16Z",
+  "aliases": [
+    "CVE-2026-35570"
+  ],
+  "summary": "OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal ",
+  "details": "A logic flaw exists in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an `allow` result immediately — before the path constraint filter (`checkPathConstraints`) is ever evaluated. This allows commands containing path traversal sequences (e.g., `../../../../../etc/passwd`) to bypass directory restrictions entirely.\n\n## Affected Component\n\n- **File:** `src/tools/BashTool/bashPermissions.ts`\n- **Function:** `bashToolHasPermission`\n- **Location:** ~line 1445 (sandbox auto-allow block)\n\n## Vulnerable Code Flow\n\n```\nbashToolHasPermission()\n    │\n    ├─ [~1445] Sandbox auto-allow block\n    │       └─ No deny rule found → return ALLOW  ⚠️ Early exit\n    │\n    └─ [~1644] checkPathConstraints()             ❌ Never reached\n```\n\nThe sandbox block was designed to skip interactive permission prompts in sandboxed environments. However, it unintentionally also skips the path traversal filter, which is a separate and critical security control.\n\n## Impact\n\nAny process or user operating in a sandboxed session with no explicit deny rules can:\n\n- Read arbitrary files outside the sandbox boundary (e.g., `/etc/passwd`, `/etc/shadow`, `.env` files, SSH private keys)\n- Write to arbitrary paths (subject to OS-level permissions)\n- Fully defeat the filesystem isolation that the sandbox is intended to enforce\n\n## Steps to Reproduce\n\n1. Enable sandbox mode: `SandboxManager.isSandboxingEnabled() = true`\n2. Enable auto-allow: `SandboxManager.isAutoAllowBashIfSandboxedEnabled() = true`\n3. Ensure no explicit deny rules are configured for the session\n4. Submit a bash command with a path traversal payload:\n   ```\n   cat ../../../../../etc/passwd\n   ```\n5. Observe that the command receives `behavior: allow` without triggering `checkPathConstraints`\n\n## Recommended Fix\n\nThe sandbox auto-allow block should **never short-circuit the full permission pipeline**. It may suppress interactive prompts, but path constraint validation must always execute.\n\n### Option 1 — Preferred: Continue pipeline on `allow`\n\nOnly return early for `deny` or `ask` behaviors. Let `allow` fall through to `checkPathConstraints`:\n\n```typescript\nif (\n  SandboxManager.isSandboxingEnabled() &&\n  SandboxManager.isAutoAllowBashIfSandboxedEnabled() &&\n  shouldUseSandbox(input)\n) {\n  const sandboxAutoAllowResult = checkSandboxAutoAllow(\n    input,\n    appState.toolPermissionContext,\n  );\n  if (sandboxAutoAllowResult.behavior !== 'allow') {\n    // Only block or prompt — never skip path checks on allow\n    return sandboxAutoAllowResult;\n  }\n  // If 'allow', continue to checkPathConstraints below\n}\n```\n\n### Option 2 — Defense in depth: Run path check before returning\n\nRun `checkPathConstraints` explicitly inside the sandbox block before returning:\n\n```typescript\nif (sandboxAutoAllowResult.behavior !== 'passthrough') {\n  const pathCheck = checkPathConstraints(input, appState.toolPermissionContext);\n  if (pathCheck.behavior !== 'allow') {\n    return pathCheck; // Block traversal attempts even in sandbox\n  }\n  return sandboxAutoAllowResult;\n}\n```\n\n### Option 3 — Minimal change: Move sandbox block after path check\n\nReorder the function so `checkPathConstraints` always runs first, and the sandbox block only handles the prompt-suppression logic afterward.\n\n---\n\nCredit: Elvin Latifli (@Rickidevs )",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@gitlawb/openclaude"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.5.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35570"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Gitlawb/openclaude/commit/7002cb302b78ea2a19da3f26226de24e2903fa1d"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/Gitlawb/openclaude"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22",
+      "CWE-284"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-21T15:16:16Z",
+    "nvd_published_at": "2026-04-21T00:16:28Z"
+  }
+}
