Description
Summary
The Feishu channel extension unconditionally sets CommandAuthorized: true for every inbound message, bypassing the access group command gating system. All 9 other channels compute this value dynamically via resolveCommandAuthorizedFromAuthorizers, but Feishu hardcodes it, allowing any Feishu user to execute admin/control commands regardless of access group configuration.
Executive Risk Snapshot
- CVSS v3.1: 7.1 (High)
- CVSS v4.0: 7.1 (High)
- Primary risk: The Feishu channel extension unconditionally sets CommandAuthorized: true for every inbound message, bypassing the access group command gating system.
Technical Analysis
The command gating system (src/channels/command-gating.ts) uses the CommandAuthorized field from the message context to determine if a sender can execute elevated commands. When CommandAuthorized is true, resolveControlCommandGate sets shouldBlock = false, granting unrestricted command access. Every other channel computes this field by checking the sender against configured access groups. Feishu skips this check entirely at extensions/feishu/src/bot.ts:830.
Affected Code
File: extensions/feishu/src/bot.ts:830
CommandAuthorized: true, // hardcoded — no access group check
Compare with Mattermost (extensions/mattermost/src/mattermost/monitor.ts:722):
CommandAuthorized: commandAuthorized, // computed via resolveCommandAuthorizedFromAuthorizers
Steps to Reproduce
- Deploy OpenClaw with Feishu channel enabled
- Configure access groups to restrict admin commands to specific trusted users
- Send an admin/control command from any unprivileged Feishu user
- The command executes successfully — access groups are silently bypassed
Recommended Fix
Replace the hardcoded CommandAuthorized: true with the standard authorization check using resolveCommandAuthorizedFromAuthorizers, matching the pattern used by every other channel extension.
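To make the gate's behaviour concrete, the following is an added example, not OpenClaw's own code, that models the gating logic described in the Technical Analysis and the fix recommended above: a control-command gate that blocks unless the message context says the sender is authorized, a Feishu-style context builder that hardcodes the flag, and a fixed builder that derives it from configured access groups. The type and function names (AccessGroupConfig, isSenderAuthorized, resolveGate, buildContextVulnerable, buildContextFixed), the "/" command prefix, and the sender IDs are assumptions for illustration, not the project's real identifiers.

```typescript
// Added example (not OpenClaw code): a minimal model of access-group command gating,
// showing why a hardcoded CommandAuthorized: true bypasses the gate.
// All names below are assumptions for illustration, not the project's identifiers.

type Channel = "feishu" | "mattermost";

interface AccessGroupConfig {
  // Sender IDs allowed to run control/admin commands, per channel (assumed shape).
  controlAuthorizers: Record<Channel, string[]>;
}

interface MsgContext {
  channel: Channel;
  senderId: string;
  body: string;
  CommandAuthorized: boolean;
}

// Control commands are modelled as messages starting with "/" (an assumption).
const CONTROL_COMMAND_PREFIX = "/";

function isControlCommand(body: string): boolean {
  return body.startsWith(CONTROL_COMMAND_PREFIX);
}

// Stand-in for the per-channel authorizer lookup the other channels perform.
// With no access group configured for the channel, everyone is allowed, matching
// the issue's note that without access groups all users are already permitted.
function isSenderAuthorized(cfg: AccessGroupConfig, channel: Channel, senderId: string): boolean {
  const allowed = cfg.controlAuthorizers[channel] ?? [];
  return allowed.length === 0 || allowed.includes(senderId);
}

// Stand-in for resolveControlCommandGate: a control command is blocked unless the
// context flags the sender as authorized; non-control messages are never blocked.
function resolveGate(ctx: MsgContext): { shouldBlock: boolean } {
  if (!isControlCommand(ctx.body)) return { shouldBlock: false };
  return { shouldBlock: !ctx.CommandAuthorized };
}

// The vulnerable pattern: authorization is asserted, never computed.
function buildContextVulnerable(senderId: string, body: string): MsgContext {
  return { channel: "feishu", senderId, body, CommandAuthorized: true };
}

// The fixed pattern: authorization is derived from the configured access groups.
function buildContextFixed(cfg: AccessGroupConfig, senderId: string, body: string): MsgContext {
  return {
    channel: "feishu",
    senderId,
    body,
    CommandAuthorized: isSenderAuthorized(cfg, "feishu", senderId),
  };
}

// Constructed sample configuration: only "ou_admin" may run control commands on Feishu.
const sampleConfig: AccessGroupConfig = {
  controlAuthorizers: { feishu: ["ou_admin"], mattermost: ["admin"] },
};

// Reports whether a control command from senderId is blocked under each pattern.
function compare(senderId: string): { vulnerableBlocks: boolean; fixedBlocks: boolean } {
  const body = "/config set model example"; // constructed control command
  return {
    vulnerableBlocks: resolveGate(buildContextVulnerable(senderId, body)).shouldBlock,
    fixedBlocks: resolveGate(buildContextFixed(sampleConfig, senderId, body)).shouldBlock,
  };
}

console.log(compare("ou_random_user")); // { vulnerableBlocks: false, fixedBlocks: true }
console.log(compare("ou_admin"));       // { vulnerableBlocks: false, fixedBlocks: false }
```

The point the model makes is that the gate itself is sound: it blocks exactly when CommandAuthorized is false. The defect is upstream, in who gets to decide that value. Any channel that sets the flag by fiat rather than from the authorizer lookup removes the access group from the decision entirely, which is why the fix belongs in the Feishu context construction and not in the gate.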
Detailed Risk Analysis
CVSS Assessment
| Metric | v3.1 | v4.0 |
|---|---|---|
| Score | 7.1 / 10.0 | 7.1 / 10.0 |
| Severity | High | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N |
Attack Surface
Any user who can send messages to the Feishu bot. The attack requires no special configuration — simply send a control command via Feishu.
Exploit Conditions
- OpenClaw instance with Feishu channel enabled
- Access groups configured (if no access groups, all users are already allowed)
- Attacker needs a Feishu account that can message the bot (Low privilege)
Impact Assessment
- Confidentiality: Low — Admin commands may expose configuration or session information
- Integrity: High — Admin commands can modify bot behavior, agent configuration, and system settings
- Availability: None — No direct availability impact
References
- CWE: CWE-862 - Missing Authorization
Exploitability Proof
Source: Feishu message event → bot.ts message handler → constructs MsgContext with CommandAuthorized: true (line 830) → resolveControlCommandGate() sees commandAuthorized = true → shouldBlock = false → control command executes.
Mitigation Checks Performed
- Checked all 10 channel implementations: Discord, Mattermost, Matrix, Zalo, ZaloUser, BlueBubbles, WhatsApp/Web, Google Chat, and Discord native commands all properly compute commandAuthorized via resolveCommandAuthorizedFromAuthorizers
- Only Feishu hardcodes true
- No secondary authorization check exists in the command execution path
Reproduction Evidence
Direct code comparison: grep -n "CommandAuthorized" extensions/feishu/src/bot.ts shows CommandAuthorized: true at line 830. Compare with grep -rn "CommandAuthorized" extensions/mattermost/ showing dynamic computation.
Why This Is Exploitable (Not Hardening)
This is not a missing feature — it is a broken implementation. The authorization system exists, is configured by admins, and works on all other channels. Feishu silently ignores it, creating a false sense of security for operators who believe their access group configuration protects all channels.