Enviar #856813: poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306)información

Títulopoco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306)
Descripción# Technical Details An authorization flaw exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent allowing any network client to supply an arbitrary `user_id`, impersonate another user across the manager-to-backend internal trust boundary, and retrieve execution-scoped privileged resources tied to that identity. The manager forwards the attacker-controlled `user_id` into backend session creation, and the backend's runtime environment resolution (`env_var_service.get_runtime_env_map`) trusts the forwarded identity to decide whether `admins_only` system secrets should be returned. # Vulnerable Code File: executor_manager/app/api/v1/tasks.py Method: create_task (POST /api/v1/tasks route) Why: Accepts `request.user_id` directly from the request body and passes it into `TaskService.create_task()` with no authentication or caller-to-user binding. File: backend/app/services/env_var_service.py Method: get_runtime_env_map Why: Releases `admins_only` system environment variables whenever `requester_is_admin` is true, but trusts the forwarded `user_id` from the manager to determine this flag. # Reproduction 1. Seed a backend with an admin account and at least one system env var with `runtime_visibility=admins_only`. 2. Send an unauthenticated POST to executor-manager /api/v1/tasks with `user_id` set to the admin identity. 3. Observe that the backend creates a session bound to the spoofed admin user. 4. Verify via the backend internal runtime-env endpoint that the admin-spoofed user receives `admins_only` secrets while a regular user receives an empty map. # Impact - Impersonation of privileged identities across the manager-to-backend internal API trust boundary. - Retrieval of admin-only runtime secrets intended only for administrator-launched task executions. - Potential inheritance of execution-scoped resources tied to the spoofed identity (skills, plugins, presets, slash commands). - Unauthorized disclosure of runtime credentials and incorrect audit records.
Fuente⚠️ https://github.com/poco-ai/poco-claw/issues/137
Usuario
 Erichen (UID 98955)
Sumisión2026-06-12 10:34 (hace 1 mes)
Moderación2026-07-17 07:44 (1 month later)
EstadoDuplicado
Entrada de VulDB379757 [poco-ai poco-claw hasta 0.5.4 executor_manager API tasks.py create_task autenticación débil]
Puntos0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!