漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HKUDS OpenHarness Plugin Management Command Exposure
Vulnerability Description
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
OpenHarness 安全漏洞
Vulnerability Description
OpenHarness是Data Intelligence Lab@HKU开源的一个轻量级智能体开发与运行框架。 OpenHarness PR #156之前版本存在安全漏洞,该漏洞源于默认暴露插件生命周期命令,可能导致攻击者远程管理插件信任和激活状态,进行未经授权的插件安装和激活。
CVSS Information
N/A
Vulnerability Type
N/A