Description
The application lacks a robust, globally enforced authentication system or session validation middleware. While a rudimentary cryptographic "lock" feature exists to restrict execution of specific scripts (check_lock in /api/scripts/run), the majority of the application's sensitive endpoints remain completely unprotected.
Because authentication is not enforced globally at the application level, attackers can trivially bypass script-level locks and compromise the system by interacting directly with unprotected endpoints.
Attack Vectors
- Arbitrary File Modification (
/api/scripts/content): An attacker can interact with the content API to read, write, or overwrite arbitrary scripts. By modifying a locked script directly, they can completely bypass the lock restrictions.
- Unauthorized Git Operations (
/api/git/pr): An attacker can initiate unauthorized Git commits or push operations, potentially polluting the repository or exfiltrating sensitive data.
- Bypassing Restrictions via Exec (
/api/exec): (Note: If not previously patched) An attacker can leverage the open terminal endpoint to execute arbitrary system commands, bypassing the script lock execution wrapper entirely.
Impact
This vulnerability completely undermines the application's security posture. Any unauthenticated user with network access to the web server can read/write files on the host system, tamper with repositories, and escalate privileges via unauthenticated execution vectors.
Suggested Mitigation
- Implement Global Authentication: Introduce an application-wide authentication layer (e.g., Bearer Token, JWT, or Flask-Login session management) using a
before_request middleware hook.
- Require Master Key: Require users to authenticate with a master password or setup token upon initializing the application before any API routes can be accessed.
- Endpoint Validation: Ensure that all endpoints (
/api/scripts/content, /api/scripts/save, /api/git/pr, etc.) inherit the global authentication requirements, explicitly returning 401 Unauthorized for unauthenticated requests.
Description
The application lacks a robust, globally enforced authentication system or session validation middleware. While a rudimentary cryptographic "lock" feature exists to restrict execution of specific scripts (
check_lockin/api/scripts/run), the majority of the application's sensitive endpoints remain completely unprotected.Because authentication is not enforced globally at the application level, attackers can trivially bypass script-level locks and compromise the system by interacting directly with unprotected endpoints.
Attack Vectors
/api/scripts/content): An attacker can interact with the content API to read, write, or overwrite arbitrary scripts. By modifying a locked script directly, they can completely bypass the lock restrictions./api/git/pr): An attacker can initiate unauthorized Git commits or push operations, potentially polluting the repository or exfiltrating sensitive data./api/exec): (Note: If not previously patched) An attacker can leverage the open terminal endpoint to execute arbitrary system commands, bypassing the script lock execution wrapper entirely.Impact
This vulnerability completely undermines the application's security posture. Any unauthenticated user with network access to the web server can read/write files on the host system, tamper with repositories, and escalate privileges via unauthenticated execution vectors.
Suggested Mitigation
before_requestmiddleware hook./api/scripts/content,/api/scripts/save,/api/git/pr, etc.) inherit the global authentication requirements, explicitly returning401 Unauthorizedfor unauthenticated requests.