| 제목 | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) |
|---|
| 설명 | # Technical Details
An authorization flaw exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent allowing any network client to supply an arbitrary `user_id`, impersonate another user across the manager-to-backend internal trust boundary, and retrieve execution-scoped privileged resources tied to that identity.
The manager forwards the attacker-controlled `user_id` into backend session creation, and the backend's runtime environment resolution (`env_var_service.get_runtime_env_map`) trusts the forwarded identity to decide whether `admins_only` system secrets should be returned.
# Vulnerable Code
File: executor_manager/app/api/v1/tasks.py
Method: create_task (POST /api/v1/tasks route)
Why: Accepts `request.user_id` directly from the request body and passes it into `TaskService.create_task()` with no authentication or caller-to-user binding.
File: backend/app/services/env_var_service.py
Method: get_runtime_env_map
Why: Releases `admins_only` system environment variables whenever `requester_is_admin` is true, but trusts the forwarded `user_id` from the manager to determine this flag.
# Reproduction
1. Seed a backend with an admin account and at least one system env var with `runtime_visibility=admins_only`.
2. Send an unauthenticated POST to executor-manager /api/v1/tasks with `user_id` set to the admin identity.
3. Observe that the backend creates a session bound to the spoofed admin user.
4. Verify via the backend internal runtime-env endpoint that the admin-spoofed user receives `admins_only` secrets while a regular user receives an empty map.
# Impact
- Impersonation of privileged identities across the manager-to-backend internal API trust boundary.
- Retrieval of admin-only runtime secrets intended only for administrator-launched task executions.
- Potential inheritance of execution-scoped resources tied to the spoofed identity (skills, plugins, presets, slash commands).
- Unauthorized disclosure of runtime credentials and incorrect audit records. |
|---|
| 원천 | ⚠️ https://github.com/poco-ai/poco-claw/issues/137 |
|---|
| 사용자 | Erichen (UID 98955) |
|---|
| 제출 | 2026. 06. 12. AM 10:34 (1 월 ago) |
|---|
| 모더레이션 | 2026. 07. 17. AM 07:44 (1 month later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 379757 [poco-ai poco-claw 까지 0.5.4 executor_manager API tasks.py create_task 약한 인증] |
|---|
| 포인트들 | 0 |
|---|