漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HKUDS OpenHarness Session Key Collision Privilege Escalation
Vulnerability Description
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse another user's conversation state and replace or interrupt their active tasks by colliding into the same session boundary through the shared chat or thread scope.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
OpenHarness 安全漏洞
Vulnerability Description
OpenHarness是Data Intelligence Lab@HKU开源的一个轻量级智能体开发与运行框架。 OpenHarness存在安全漏洞,该漏洞源于会话密钥派生问题,可能导致经过身份验证的参与者通过利用缺乏发送方身份验证的共享ohmo会话密钥来劫持其他用户的会话。
CVSS Information
N/A
Vulnerability Type
N/A