| 标题 | poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306) |
|---|
| 描述 | # Technical Details
An unauthenticated task creation vulnerability exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent.
The application exposes `POST /api/v1/tasks` without authentication and forwards the attacker-controlled `user_id` into a trusted backend internal session-creation request. The manager's `BackendClient.create_session()` attaches the internal `X-Internal-Token` alongside the attacker-supplied `X-User-Id`, effectively laundering an unauthenticated public request into a privileged backend-internal call.
# Vulnerable Code
File: executor_manager/app/api/v1/tasks.py
Method: create_task (POST /api/v1/tasks route)
Why: The public route accepts `TaskCreateRequest.user_id` directly and forwards it into `TaskService.create_task()` without any route-level authentication or internal-token guard.
File: executor_manager/app/services/backend_client.py
Method: create_session
Why: Translates attacker-controlled `user_id` into a trusted internal header (`X-User-Id`) alongside the manager's valid `X-Internal-Token`, crossing the internal impersonation boundary.
# Reproduction
1. Start the real executor_manager service with a valid INTERNAL_API_TOKEN configured.
2. Run a minimal backend observer on 127.0.0.1:19080 to capture internal calls.
3. Send an unauthenticated POST to /api/v1/tasks with a body containing `user_id: "victim-user-canary"`.
4. Observe that the backend observer records a call to `/api/v1/internal/sessions` carrying `X-Internal-Token` and `X-User-Id: victim-user-canary`.
5. Confirm that a direct unauthenticated request to the backend sink returns 403, proving the manager is the confused deputy.
# Impact
- Unauthenticated creation of backend sessions under attacker-chosen user identities.
- Ability to enqueue task execution as another user.
- Breaks the internal impersonation boundary protected by X-Internal-Token.
- Enables pivoting into downstream executor-side effects involving workspaces, callbacks, runtime configuration, and container-backed task execution. |
|---|
| 来源 | ⚠️ https://github.com/poco-ai/poco-claw/issues/136 |
|---|
| 用户 | Erichen (UID 98955) |
|---|
| 提交 | 2026-06-12 10時34分 (1 月前) |
|---|
| 管理 | 2026-07-17 07時44分 (1 month later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 379757 [poco-ai poco-claw 直到 0.5.4 executor_manager API tasks.py create_task 弱身份验证] |
|---|
| 积分 | 20 |
|---|