| タイトル | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) |
|---|
| 説明 | # Technical Details
An authorization flaw exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent allowing any network client to supply an arbitrary `user_id`, impersonate another user across the manager-to-backend internal trust boundary, and retrieve execution-scoped privileged resources tied to that identity.
The manager forwards the attacker-controlled `user_id` into backend session creation, and the backend's runtime environment resolution (`env_var_service.get_runtime_env_map`) trusts the forwarded identity to decide whether `admins_only` system secrets should be returned.
# Vulnerable Code
File: executor_manager/app/api/v1/tasks.py
Method: create_task (POST /api/v1/tasks route)
Why: Accepts `request.user_id` directly from the request body and passes it into `TaskService.create_task()` with no authentication or caller-to-user binding.
File: backend/app/services/env_var_service.py
Method: get_runtime_env_map
Why: Releases `admins_only` system environment variables whenever `requester_is_admin` is true, but trusts the forwarded `user_id` from the manager to determine this flag.
# Reproduction
1. Seed a backend with an admin account and at least one system env var with `runtime_visibility=admins_only`.
2. Send an unauthenticated POST to executor-manager /api/v1/tasks with `user_id` set to the admin identity.
3. Observe that the backend creates a session bound to the spoofed admin user.
4. Verify via the backend internal runtime-env endpoint that the admin-spoofed user receives `admins_only` secrets while a regular user receives an empty map.
# Impact
- Impersonation of privileged identities across the manager-to-backend internal API trust boundary.
- Retrieval of admin-only runtime secrets intended only for administrator-launched task executions.
- Potential inheritance of execution-scoped resources tied to the spoofed identity (skills, plugins, presets, slash commands).
- Unauthorized disclosure of runtime credentials and incorrect audit records. |
|---|
| ソース | ⚠️ https://github.com/poco-ai/poco-claw/issues/137 |
|---|
| ユーザー | Erichen (UID 98955) |
|---|
| 送信 | 2026年06月12日 10:34 (1 月 ago) |
|---|
| モデレーション | 2026年07月17日 07:44 (1 month later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 379757 [poco-ai poco-claw 迄 0.5.4 executor_manager API tasks.py create_task 弱い認証] |
|---|
| ポイント | 0 |
|---|