AntFleet

Disagreement · 75b0adf7-openai-0

Unauthenticated endpoints allow setting and deleting GitHub repo secrets via gh CLI

solo GPT-5
repo 6f7fc663·PR #25·reviewed 1 week ago

GPT-5 finding

Unauthenticated endpoints allow setting and deleting GitHub repo secrets via gh CLI

criticalsecurityhigh
  • dashboard/app/api/secrets/route.ts:96-105
  • dashboard/app/api/secrets/route.ts:112-118
  • dashboard/app/api/secrets/route.ts:124-133
  • dashboard/app/api/secrets/route.ts:135-137
  • dashboard/app/api/auth/route.ts:48-68
Both routes expose powerful actions over HTTP without any user authentication/authorization or CSRF protection. They only check local gh CLI auth, not the caller’s identity. An unauthenticated client can POST to set arbitrary repository secrets or DELETE them if the server is reachable, which is a severe privilege escalation and integrity risk.

Recommendation

Add robust authentication and authorization checks to all endpoints (e.g., session/token-based auth, role checks). If intended only for local dev, enforce localhost-only access or behind auth proxy. If cookie-based auth is used, add CSRF protection. Consider requiring an admin capability or signed requests before mutating GitHub secrets.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →
← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗