| शीर्षक | poco-ai poco-agent 0.5.4 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| विवरण | # Technical Details
An unauthenticated workspace file disclosure exists in the `get_workspace_file` method in `executor_manager/app/api/v1/workspace.py` of poco-agent.
The application fails to authenticate the requester or bind the caller-controlled `user_id` path parameter to a trusted identity. The route accepts `user_id` and `session_id` directly from the URL and passes them to `WorkspaceManager.resolve_workspace_file()` without any authentication dependency.
# Vulnerable Code
File: executor_manager/app/api/v1/workspace.py
Method: get_workspace_file (route handler at `/file/{user_id}/{session_id}`)
Why: The endpoint trusts caller-supplied `user_id` and `session_id` URL segments as the authorization context, with no AuthN/AuthZ dependency injected. Sibling routes for listing, archive, and deletion share the same pattern.
File: executor_manager/app/services/workspace_manager.py
Method: resolve_workspace_file
Why: The resolver correctly constrains `path` traversal within the workspace root but fully trusts the caller-provided `user_id` and `session_id` when selecting which user's workspace directory to read from `WORKSPACE_ROOT/active/{user_id}/{session_id}/workspace`.
# Reproduction
1. Identify a deployment where the executor_manager HTTP service is reachable.
2. Discover or guess a victim `user_id`, `session_id`, and a known workspace file name (e.g., `secrets.txt`).
3. Send an unauthenticated GET request to `/api/v1/workspace/file/{victim_user_id}/{victim_session_id}?path=secrets.txt`.
4. Observe that the response returns the victim's workspace file contents (HTTP 200), while the same request with the attacker's own `user_id` (who has no workspace) returns HTTP 400.
# Impact
- Unauthenticated disclosure of other users' workspace files including source code, task artifacts, debug logs, and potentially secrets.
- The same root cause enables cross-user workspace enumeration, archiving, and deletion through sibling routes. |
|---|
| स्रोत | ⚠️ https://github.com/poco-ai/poco-claw/issues/133 |
|---|
| उपयोगकर्ता | Erichen (UID 98955) |
|---|
| सबमिशन | 12/06/2026 10:32 AM (1 महीना पहले) |
|---|
| संयम | 17/07/2026 07:44 AM (1 month later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 378125 [poco-ai poco-claw तक 0.5.4 Workspace API workspace.py get_workspace_file user_id अधिकार वृद्धि] |
|---|
| अंक | 0 |
|---|