제출 #856814: poco-ai poco-agent 0.5.4 Server-Side Request Forgery / SSRF (CWE-918)정보

제목poco-ai poco-agent 0.5.4 Server-Side Request Forgery / SSRF (CWE-918)
설명# Technical Details An unauthenticated Server-Side Request Forgery (SSRF) exists in the `run_task` method in `executor/app/api/v1/task.py` of poco-agent. The executor accepts an untrusted `callback_url` in `POST /v1/tasks/execute` and later performs a server-side HTTP POST to that exact destination without any allowlist or SSRF validation (no rejection of loopback, RFC1918, link-local, or metadata targets). # Vulnerable Code File: executor/app/api/v1/task.py Method: run_task (POST /v1/tasks/execute) Why: Uses `req.callback_url` directly to construct `CallbackClient` and derive additional base URLs via `UserInputClient.resolve_base_url()` without any destination validation. File: executor/app/core/callback.py Method: CallbackClient.send Why: Issues an `httpx` POST to `self.callback_url` with no destination allowlisting, IP restriction, or network safety checks. The callback payload includes run/session metadata and agent status messages. File: executor/app/core/user_input.py Method: UserInputClient.resolve_base_url Why: Derives additional outbound client base URLs from the same untrusted callback coordinate, expanding the SSRF blast radius. # Reproduction 1. Start the real executor on 127.0.0.1:18180 and a canary callback listener on 127.0.0.1:18181. 2. Send POST /v1/tasks/execute with `callback_url=http://127.0.0.1:18181/api/v1/callback?canary=poco-executor-callback-url-ssrf`. 3. Observe that the canary listener receives a server-side POST from the executor host containing callback data. 4. Confirm that omitting `callback_url` causes the API to reject with HTTP 422, showing this field is the required trigger. # Impact - Trigger outbound HTTP requests from the executor host to loopback services. - Probe or interact with internal HTTP services reachable from the executor network. - Target cloud metadata endpoints if the executor runs in a cloud environment. - Receive callback payload data including run/session metadata and agent status messages.
원천⚠️ https://github.com/poco-ai/poco-claw/issues/138
사용자
 Erichen (UID 98955)
제출2026. 06. 12. AM 10:35 (1 월 ago)
모더레이션2026. 07. 17. AM 07:44 (1 month later)
상태수락
VulDB 항목379758 [poco-ai poco-claw 까지 0.5.4 task.py run_task callback_url 권한 상승]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!