2.6 KiB
GHSA Draft: Unauthenticated mesh sync in agentmemory
Severity: High · CVSS 3.1: 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CWE: CWE-306 — Missing Authentication for Critical Function, CWE-862 — Missing Authorization
Affected versions: < 0.8.2
Patched version: 0.8.2
Summary
agentmemory's mesh federation feature (P2P sync between instances) accepted push/pull requests on its /agentmemory/mesh/* endpoints without requiring authentication. The mesh sync function also did not send any Authorization header when calling peer instances, meaning the federation protocol was entirely unauthenticated.
Impact
Any attacker who could reach a mesh-enabled agentmemory instance could:
- Push fake memories via
POST /agentmemory/mesh/receive— inject attacker-controlled observations, actions, semantic memories, and relations into the target's memory store. This poisons future retrievals and could be used to manipulate what the target's AI agent sees. - Pull the entire memory store via
GET /agentmemory/mesh/export— download all memories, actions, and graph data marked as mesh-shareable. - Chain with advisory #03 — combined with the default
0.0.0.0binding, mesh endpoints were reachable from any device on the local network without any authentication.
Mesh is opt-in (requires an explicit peer registration), so this affected only users who had enabled federation. But those users had no authentication at all.
Patches
Fixed in 0.8.2:
- All 5 mesh REST endpoints (
mesh-register,mesh-list,mesh-sync,mesh-receive,mesh-export) now return 503 with"mesh requires AGENTMEMORY_SECRET"if the secret is not configured - The
mem::mesh-syncfunction now accepts ameshAuthTokenparameter and refuses to sync at all if the token is missing - Outgoing push/pull requests include
Authorization: Bearer <secret>headers - Server-side, all mesh endpoints check bearer auth via the existing
checkAuthhelper
Workarounds
Users on affected versions who have mesh federation enabled should:
- Set
AGENTMEMORY_SECRETto a strong random value on both peers - Restart the server
- Upgrade to 0.8.2 at the earliest opportunity
Users who have not enabled mesh federation are not affected by this specific issue, but should still upgrade for the other 5 fixes.
References
Credit
@eng-pf