Executive Summary

A vulnerability in stigmem-node allows an attacker holding write credentials for one tenant to trigger a decay sweep that affects every tenant on the node. This can result in cross-tenant data destruction or information disclosure. The vulnerability carries a CVSS score of 7.2 and is exploitable only in multi-tenant deployments.

Technical Analysis

The vulnerability is caused by the lack of a `tenant_id` predicate in the candidate-selection queries in `lifecycle/decay.py`, specifically in `_select_ttl_candidates` and `_select_confidence_candidates`. In addition, the caller's tenant identity is not threaded into the sweep or its async worker (`run_decay_sweep` / `_decay_job_worker`), so nothing downstream of the request can scope the sweep to the caller. The code path is reachable via a `POST /v1/decay/sweep` request. The root cause is incorrect authorization, classified under CWE-863.

How It Gets Exploited

An attacker with write credentials for one tenant on a multi-tenant stigmem-node deployment can exploit this vulnerability by sending a `POST /v1/decay/sweep` request. The request can trigger a decay sweep that affects all tenants' facts. For example, a sweep with `ttl_seconds=0` can expire all tenants' facts, leading to cross-tenant data destruction. Alternatively, a `dry_run` sweep can return a global candidate count, acting as a cross-tenant existence/volume oracle, leading to information disclosure.

Impact Assessment

The vulnerability affects stigmem-node deployments with the `stigmem-plugin-multi-tenant` plugin, which allows multiple tenants on one node. Single-tenant deployments are not affected. The CVSS score for this vulnerability is 7.2, indicating a high severity level. An attacker can achieve cross-tenant data destruction or information disclosure.

Recommended Actions

To mitigate this vulnerability, update stigmem-node to version 0.9.0a12 or later. This version includes patches that thread `identity.tenant_id` into `run_decay_sweep` and `_decay_job_worker`, and add `AND tenant_id = ?` to the candidate selectors and graph-sync. No workarounds are available other than upgrading.
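The following is an added illustration of the defect and the fix described above; it is not stigmem-node's own code. It assumes a constructed `facts` table (columns `id`, `tenant_id`, `created_at`, `confidence`) in an in-memory SQLite database and shows the TTL selector without the tenant predicate beside the scoped version, plus a sweep that threads the caller's tenant through to it:

```python
# Added illustration of the fix described in GHSA-6gqw-jqv7-v88m, not stigmem-node's
# own code. Table, columns and sample rows are constructed assumptions.
import sqlite3

SCHEMA = ("CREATE TABLE facts (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, "
          "created_at REAL NOT NULL, confidence REAL NOT NULL)")

def make_db(now: float) -> sqlite3.Connection:
    """Constructed sample data: two tenants, each with one old and one fresh fact."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO facts (tenant_id, created_at, confidence) VALUES (?, ?, ?)",
        [("tenant-a", now - 3600, 0.9), ("tenant-a", now, 0.9),
         ("tenant-b", now - 3600, 0.9), ("tenant-b", now, 0.9)],
    )
    return conn

def select_ttl_candidates_unscoped(conn, ttl_seconds, now):
    """Pre-fix shape: no tenant_id predicate, so every tenant's expired facts
    are candidates regardless of which tenant triggered the sweep."""
    rows = conn.execute("SELECT id FROM facts WHERE created_at <= ?",
                        (now - ttl_seconds,)).fetchall()
    return [r[0] for r in rows]

def select_ttl_candidates(conn, tenant_id, ttl_seconds, now):
    """Post-fix shape: the caller's tenant_id is threaded in and applied as
    AND tenant_id = ?, so only that tenant's facts can be selected."""
    rows = conn.execute(
        "SELECT id FROM facts WHERE created_at <= ? AND tenant_id = ?",
        (now - ttl_seconds, tenant_id)).fetchall()
    return [r[0] for r in rows]

def run_decay_sweep(conn, tenant_id, ttl_seconds, dry_run, now):
    """Tenant-scoped sweep: a dry_run reports only the caller's own candidate
    count, so it no longer acts as a cross-tenant volume oracle."""
    ids = select_ttl_candidates(conn, tenant_id, ttl_seconds, now)
    if not dry_run and ids:
        conn.executemany("DELETE FROM facts WHERE id = ?", [(i,) for i in ids])
        conn.commit()
    return len(ids)
```

A `ttl_seconds=0` sweep run by `tenant-a` against this data selects four rows in the unscoped version and two in the scoped one; the same `AND tenant_id = ?` predicate applies to the confidence selector and graph-sync.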

Sources

- GitHub Security Advisories: GHSA-6gqw-jqv7-v88m