漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenHarness Permission Bypass via grep and glob root argument
Vulnerability Description
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properly evaluated against configured path rules, allowing disclosure of sensitive local file content, key material, configuration files, or directory contents despite configured path restrictions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenHarness 安全漏洞
Vulnerability Description
OpenHarness是Data Intelligence Lab@HKU开源的一个轻量级智能体开发与运行框架。 OpenHarness存在安全漏洞,该漏洞源于权限检查器中路径规范化不完整,可能导致敏感文件读取。
CVSS Information
N/A
Vulnerability Type
N/A