Spacebot's cron job system has a privacy issue where output meant for private channels (DMs) can end up in public channels when the target channel is inactive.
The problem
When a cron job finishes, Spacebot tries to deliver the output to the delivery_target. If that channel is inactive (no recent messages), the system logs "injection target channel not active, notification will be delivered on next message" and queues the output.
The queued output is then injected into whichever of the agent's channels next receives a message, whether that channel is public or private. The queue keeps the output but not its delivery_target, so the original routing decision is lost.
Impact
This caused an end-of-day activity digest containing private information to be posted in a public Discord channel, exposing personal details to everyone on the server.
Steps to reproduce
- Create a cron job with delivery_target set to a Discord DM
- Make sure the DM channel is inactive
- Make sure the agent has a binding to a public channel that IS active
- When the cron job runs, the output gets queued and is then injected into the public channel on its next message
Expected behavior
Cron output should only go to the configured delivery_target. If the target is a DM and is inactive, the system should either wait for that DM to become active, send directly to the DM, or fail with a logged error instead of redirecting somewhere else.
Actual behavior
Queued output gets injected into any active channel for the agent, including public ones.
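To make the routing bug concrete, here is a small model of the delivery path, written for this report as an illustration and not taken from Spacebot's code base. `LeakyDispatcher` reproduces the behaviour described above: a queued output is held without its target and injected into the next channel that receives a message. `TargetBoundDispatcher` shows one way to meet the expected behaviour: a DM target is posted to directly, an inactive public target keeps its output pending for that channel only, and an unknown target fails with a logged error. Channel ids, the digest text and the class and method names are all constructed for the example.

```python
"""Toy model of cron-output delivery: leaky queue vs. target-bound queue."""
import logging
from dataclasses import dataclass

log = logging.getLogger("cron-delivery-example")  # hypothetical logger name

# Constructed sample data; ids and text are not from any real deployment.
DIGEST = "end-of-day digest: <private details>"


@dataclass(frozen=True)
class Channel:
    id: str
    private: bool  # True for a DM, False for a public channel


class LeakyDispatcher:
    """Reproduces the reported behaviour: queued output is injected into
    whichever channel next becomes active, regardless of its target."""

    def __init__(self, channels):
        self.channels = {c.id: c for c in channels}
        self.active = set()     # channel ids with a recent message
        self.pending = []       # queued outputs; the delivery_target is dropped here
        self.delivered = []     # (channel_id, text) actually posted

    def run_cron(self, delivery_target, output):
        if delivery_target in self.active:
            self.delivered.append((delivery_target, output))
            return "delivered"
        log.info("injection target channel not active, "
                 "notification will be delivered on next message")
        self.pending.append(output)
        return "queued"

    def on_message(self, channel_id):
        """A message arrives in channel_id: it becomes active and receives
        everything pending, even output meant for a DM."""
        self.active.add(channel_id)
        while self.pending:
            self.delivered.append((channel_id, self.pending.pop(0)))


class TargetBoundDispatcher(LeakyDispatcher):
    """Hardened variant: output stays bound to its delivery_target."""

    def __init__(self, channels):
        super().__init__(channels)
        self.pending = {}       # delivery_target -> [outputs]

    def run_cron(self, delivery_target, output):
        target = self.channels.get(delivery_target)
        if target is None:
            log.error("cron output dropped: unknown delivery_target %r", delivery_target)
            return "failed"
        if delivery_target in self.active or target.private:
            # A DM needs no recent activity to be written to; post directly.
            self.delivered.append((delivery_target, output))
            return "delivered"
        log.info("target %r not active, holding output for that channel only",
                 delivery_target)
        self.pending.setdefault(delivery_target, []).append(output)
        return "queued"

    def on_message(self, channel_id):
        """Only output queued for this exact channel is flushed into it."""
        self.active.add(channel_id)
        for text in self.pending.pop(channel_id, []):
            self.delivered.append((channel_id, text))


def reproduce(dispatcher_cls):
    """Steps to reproduce from the report, returning what got posted where."""
    d = dispatcher_cls([Channel("dm-alice", private=True),
                        Channel("general", private=False)])
    d.on_message("general")          # public channel is active, the DM is not
    d.run_cron("dm-alice", DIGEST)   # cron finishes with delivery_target = DM
    d.on_message("general")          # next message arrives in the public channel
    return d.delivered


def hold_for_inactive_public_target():
    """Inactive public target: output waits for that channel, not any other."""
    d = TargetBoundDispatcher([Channel("general", private=False),
                               Channel("announcements", private=False)])
    status = d.run_cron("announcements", "weekly summary")
    d.on_message("general")          # must not receive the summary
    before = list(d.delivered)
    d.on_message("announcements")    # now the summary is posted
    return status, before, d.delivered


if __name__ == "__main__":
    print("leaky:", reproduce(LeakyDispatcher))
    print("bound:", reproduce(TargetBoundDispatcher))
```

Running the script shows the digest landing in `general` with the leaky dispatcher and in `dm-alice` with the target-bound one. The key design point is that the pending store is keyed by delivery_target; a single shared list is exactly what lets output cross from a DM to a public channel.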