OpenHarness Improper Access Control Vulnerability in File Tools Allowing Arbitrary File Access
Vulnerability
A vulnerability exists in the OpenHarness built-in file tools prior to commit 166fcfe, where improper access control allows attackers to read arbitrary local files outside the intended repository scope. The issue arises from inconsistent parameter handling in permission enforcement: the path parameter is not properly passed to the PermissionChecker. As a result, attackers can bypass deny rules to access sensitive files such as configuration files, credentials, and SSH material. Additionally, in full_auto mode, they can create and overwrite files in restricted host paths.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files and materials, including configuration files, credentials, and SSH-related items. Furthermore, it allows for the creation and overwriting of files in restricted host paths when operating in full_auto mode.
Reproduction
The vulnerability can be reproduced by influencing agent tool execution to use the affected file tools, specifically read_file, write_file, edit_file, and notebook_edit. The path parameter can be manipulated to access files outside the intended scope, such as sensitive configuration or SSH files. In full_auto mode, this exploitation can also be used to create or overwrite files in restricted areas of the host.
Remediation
Users can update to the latest version of OpenHarness. The vulnerability has been addressed in commit 166fcfe, the commit referenced in this advisory.
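The flaw class described above, modeled next to a fail-closed check, as an added example that is not OpenHarness code. The function names, the `file_path` key, the deny patterns and the repository root are assumptions made for illustration; only the tool names and the `path` parameter come from this advisory.

```python
import fnmatch
import os

FILE_TOOLS = {"read_file", "write_file", "edit_file", "notebook_edit"}
DENY_RULES = ["*/.ssh/*", "*/.env", "/etc/*"]  # constructed deny patterns


def denied(path):
    """True if the path matches any deny rule."""
    return any(fnmatch.fnmatch(path, rule) for rule in DENY_RULES)


def authorize_inconsistent(tool, args):
    """Flawed model: the check reads a key the file tools do not use."""
    candidate = args.get("file_path")      # hypothetical key; tools send "path"
    if candidate is None:
        return True                        # no path seen, deny rules skipped
    return not denied(candidate)


def authorize_consistent(tool, args, repo_root):
    """Fail-closed model: same key as the tool, resolved, scoped to the repo."""
    if tool not in FILE_TOOLS:
        return True
    raw = args.get("path")
    if not isinstance(raw, str) or not raw:
        return False                       # file tool without a path: refuse
    root = os.path.realpath(repo_root)
    # Resolve relative segments and symlinks before any rule is applied.
    resolved = os.path.realpath(os.path.join(root, raw))
    if os.path.commonpath([root, resolved]) != root:
        return False                       # outside the repository scope
    return not denied(resolved)


if __name__ == "__main__":
    repo = "/srv/work/repo"                # constructed repository root
    calls = [
        ("read_file", {"path": "src/main.py"}),
        ("read_file", {"path": "/home/dev/.ssh/id_ed25519"}),
        ("write_file", {"path": "../../etc/cron.d/job"}),
        ("edit_file", {}),
    ]
    for tool, args in calls:
        print(tool, args, authorize_inconsistent(tool, args),
              authorize_consistent(tool, args, repo))
```

A regression test for a fix of this kind should assert that every file tool is refused when its path argument is missing, outside the repository root, or matched by a deny rule.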
