जमा करें #856811: poco-ai poco-agent 0.5.4 Authorization Bypass Through User-Controlled Key (CWE-639)जानकारी

शीर्षकpoco-ai poco-agent 0.5.4 Authorization Bypass Through User-Controlled Key (CWE-639)
विवरण# Technical Details An unauthenticated workspace file disclosure exists in the `get_workspace_file` method in `executor_manager/app/api/v1/workspace.py` of poco-agent. The application fails to authenticate the requester or bind the caller-controlled `user_id` path parameter to a trusted identity. The route accepts `user_id` and `session_id` directly from the URL and passes them to `WorkspaceManager.resolve_workspace_file()` without any authentication dependency. # Vulnerable Code File: executor_manager/app/api/v1/workspace.py Method: get_workspace_file (route handler at `/file/{user_id}/{session_id}`) Why: The endpoint trusts caller-supplied `user_id` and `session_id` URL segments as the authorization context, with no AuthN/AuthZ dependency injected. Sibling routes for listing, archive, and deletion share the same pattern. File: executor_manager/app/services/workspace_manager.py Method: resolve_workspace_file Why: The resolver correctly constrains `path` traversal within the workspace root but fully trusts the caller-provided `user_id` and `session_id` when selecting which user's workspace directory to read from `WORKSPACE_ROOT/active/{user_id}/{session_id}/workspace`. # Reproduction 1. Identify a deployment where the executor_manager HTTP service is reachable. 2. Discover or guess a victim `user_id`, `session_id`, and a known workspace file name (e.g., `secrets.txt`). 3. Send an unauthenticated GET request to `/api/v1/workspace/file/{victim_user_id}/{victim_session_id}?path=secrets.txt`. 4. Observe that the response returns the victim's workspace file contents (HTTP 200), while the same request with the attacker's own `user_id` (who has no workspace) returns HTTP 400. # Impact - Unauthenticated disclosure of other users' workspace files including source code, task artifacts, debug logs, and potentially secrets. - The same root cause enables cross-user workspace enumeration, archiving, and deletion through sibling routes.
स्रोत⚠️ https://github.com/poco-ai/poco-claw/issues/133
उपयोगकर्ता
 Erichen (UID 98955)
सबमिशन12/06/2026 10:32 AM (1 महीना पहले)
संयम17/07/2026 07:44 AM (1 month later)
स्थितिप्रतिलिपि
VulDB प्रविष्टि378125 [poco-ai poco-claw तक 0.5.4 Workspace API workspace.py get_workspace_file user_id अधिकार वृद्धि]
अंक0

Want to know what is going to be exploited?

We predict KEV entries!