OpenHarness Permission Bypass Vulnerability Allowing Sensitive File Access
Vulnerability
A permission bypass vulnerability has been identified in OpenHarness versions prior to the latest commit bd4df81. This vulnerability allows attackers to read sensitive files by taking advantage of incomplete path normalization in the permission checker. Exploitation involves using the built-in grep and glob tools with sensitive root directories that are not properly assessed against established path rules. As a result, attackers can access sensitive local file content, key material, configuration files, or directory contents, bypassing configured path restrictions.
Impact
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, including private key material and other confidential data, such as configuration files or directory contents.
Reproduction
The vulnerability can be reproduced by invoking the grep or glob tools with sensitive root directories that are not properly normalized. This can be done by creating a directory that matches a sensitive path pattern and using it as the root argument for these tools. The permission checker will fail to apply the correct path rules, allowing access to restricted files.
Remediation
Users can update to the latest version of OpenHarness, which includes the necessary patch to address this vulnerability.
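The class of check described above, as an added example that is not OpenHarness code: a directory root is matched against deny rules as a raw string in the weak form, and canonicalized and tested as a directory in the hardened form. The glob-style rule format, the sample patterns, and the names `DENY_PATTERNS`, `naive_root_allowed`, `canonical`, `path_allowed` and `allowed_hits` are all assumptions made for illustration.

```python
import fnmatch
import os

# Constructed deny rules; the glob-style rule format is an assumption.
DENY_PATTERNS = ["*/.ssh/*", "*/secrets/*"]


def naive_root_allowed(root):
    """Weak form: the raw root string is matched as if it were a file path,
    so the directory '/home/u/.ssh' never matches the rule '*/.ssh/*'."""
    return not any(fnmatch.fnmatch(root, p) for p in DENY_PATTERNS)


def canonical(path, cwd):
    """Absolute path with '.', '..', duplicate slashes and symlinks resolved."""
    return os.path.realpath(os.path.join(cwd, path))


def path_allowed(path, cwd):
    """Hardened form: canonicalize first, then test the path both as given
    and with a trailing slash, so a rule written for files inside a
    directory also covers that directory when it is used as a search root."""
    real = canonical(path, cwd)
    candidates = (real, real.rstrip("/") + "/")
    return not any(
        fnmatch.fnmatch(c, p) for c in candidates for p in DENY_PATTERNS
    )


def allowed_hits(root, cwd, hits):
    """Filter the relative paths returned by a grep/glob-style search.

    Each hit is re-checked after canonicalization, so an allowed parent
    root cannot return files from a denied subdirectory or via a symlink."""
    if not path_allowed(root, cwd):
        return []
    base = canonical(root, cwd)
    return [h for h in hits if path_allowed(os.path.join(base, h), cwd)]
```

Checking the root alone is not enough when the root is an allowed parent of a denied directory, which is why `allowed_hits` re-checks every returned path.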
