| Название | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) |
|---|
| Описание | # Technical Details
An unauthenticated user spoofing vulnerability exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent.
An attacker can call the public executor-manager task creation API and supply an arbitrary `user_id`. The manager forwards that value into the backend's trusted internal session creation flow together with a valid `X-Internal-Token`, which causes the backend to persist a new session under the attacker-chosen identity. The backend's `get_current_user_id()` in `backend/app/core/deps.py` accepts any `X-User-Id` value when a valid internal token is present.
# Vulnerable Code
File: executor_manager/app/api/v1/tasks.py
Method: create_task (POST /api/v1/tasks route)
Why: Accepts `TaskCreateRequest` directly and forwards `request.user_id` without any authentication dependency.
File: backend/app/core/deps.py
Method: get_current_user_id
Why: Any request carrying a valid internal token is allowed to provide `X-User-Id` as the effective identity. When the manager presents the internal token, the backend trusts whatever `X-User-Id` was forwarded.
File: backend/app/api/v1/internal_sessions.py
Method: create_session_internal
Why: Consumes the trusted identity from `get_current_user_id()` and persists an AgentSession under that spoofed owner without verifying the identity was authenticated at the originating manager.
# Reproduction
1. Start a Docker Compose deployment with backend (127.0.0.1:18080) and executor-manager (127.0.0.1:18081).
2. Confirm the backend public task API rejects unauthenticated requests with 401.
3. Send an unauthenticated POST to executor-manager /api/v1/tasks with `user_id` set to a victim identity.
4. Observe the manager accepts the request (200) and the backend's independent session record shows `persisted_user_id` matching the spoofed victim.
# Impact
- Unauthorized session creation under arbitrary victim accounts.
- Corruption of ownership and audit data in backend session records.
- Bypass of the backend public task API's authentication gate.
- Potential follow-on abuse of task execution, billing/usage attribution, and downstream workflow ownership. |
|---|
| Источник | ⚠️ https://github.com/poco-ai/poco-claw/issues/139 |
|---|
| Пользователь | Erichen (UID 98955) |
|---|
| Представление | 12.06.2026 10:35 (1 месяц назад) |
|---|
| Модерация | 17.07.2026 07:44 (1 month later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 379757 [poco-ai poco-claw до 0.5.4 executor_manager API tasks.py create_task слабая аутентификация] |
|---|
| Баллы | 0 |
|---|