GHSA-8ccj-p46r-jwqq
PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authentication
상세
### Summary Setting `PRAISONAI_CALL_AUTH=disabled` completely disables all authentication on the `/api/v1/agents/{id}/invoke` endpoint. This bypass is advertised in the application's own error messages, making it likely to appear in production Docker and Compose configurations.
### Details
```python # src/praisonai/praisonai/api/agent_invoke.py:32 _CALL_AUTH_DISABLED = os.getenv('PRAISONAI_CALL_AUTH', '').lower() == 'disabled'
async def verify_token(...) -> None: if _CALL_AUTH_DISABLED: return # all authentication skipped unconditionally ```
The application's own error message advertises the bypass: > "Set CALL_SERVER_TOKEN or PRAISONAI_CALL_AUTH=disabled to run without authentication."
This causes the setting to appear in Docker/Compose configurations as a convenience option.
### Proof of Concept
```python import os os.environ["PRAISONAI_CALL_AUTH"] = "disabled" # verify_token() now returns immediately for any request # POST /api/v1/agents/any-agent/invoke → 200 OK (no token needed) ```
Common vulnerable deployment:
```yaml # docker-compose.yml environment: - PRAISONAI_CALL_AUTH=disabled # auth completely disabled ```
### Impact Full unauthenticated access to the agent invocation API. Any agent registered on the server can be triggered without credentials, potentially executing arbitrary actions depending on the agent's configured tools.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.