OpenHarness Server-Side Request Forgery Vulnerability in Web Tools

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenHarness versions prior to the patch in commit bd4df81. The vulnerability exists within the web_fetch and web_search tools and allows attackers to reach private or localhost HTTP services. The issue arises from inadequate validation of the target addresses supplied in tool parameters, which lets a request be directed at loopback, RFC 1918, link-local, or other non-public addresses. As a result, attackers could read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
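The missing control described above is a check that the host a tool is asked to fetch resolves only to publicly routable addresses. The following Python validator is an added example written for this advisory; it is not OpenHarness code, and the names resolve_safe_target, is_safe_target, is_public_address and UnsafeTargetError are hypothetical. It rejects non-HTTP schemes, localhost names, literal or resolved loopback, RFC 1918, link-local (including the 169.254.169.254 metadata range), multicast, reserved and IPv4-mapped IPv6 addresses, and it takes an injectable resolver so the check can be exercised offline with constructed DNS answers.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Added example, not OpenHarness code. All function and class names here
# are hypothetical illustrations of the kind of check the advisory describes.

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeTargetError(ValueError):
    """Raised when a tool parameter points at a non-public HTTP service."""


def is_public_address(addr: str) -> bool:
    """True only if the literal IP address is routable on the public Internet."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return False
    # is_global additionally excludes ranges such as 100.64.0.0/10 (shared
    # address space) that is_private alone does not flag.
    return ip.is_global


def system_resolver(host: str) -> list[str]:
    """Return every A/AAAA answer the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def resolve_safe_target(
    url: str,
    resolver: Callable[[str], Iterable[str]] = system_resolver,
) -> tuple[str, list[str]]:
    """Validate url for a fetch tool and return (hostname, vetted IP list).

    Raises UnsafeTargetError when any part of the target is non-public.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeTargetError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # already lower-cased and bracket-stripped
    if not host:
        raise UnsafeTargetError("URL has no host")
    if host == "localhost" or host.endswith(".localhost"):
        raise UnsafeTargetError("localhost is not allowed")

    try:
        ipaddress.ip_address(host)  # literal IP: no DNS lookup needed
        candidates = [host]
    except ValueError:
        try:
            candidates = list(resolver(host))
        except (OSError, KeyError) as exc:  # gaierror is an OSError subclass
            raise UnsafeTargetError(f"cannot resolve {host!r}: {exc}") from exc
    if not candidates:
        raise UnsafeTargetError(f"{host!r} did not resolve to any address")

    # Every answer must be public: a mixed record set is rejected outright,
    # otherwise the client library might pick the private one.
    blocked = [a for a in candidates if not is_public_address(a)]
    if blocked:
        raise UnsafeTargetError(f"{host!r} resolves to non-public {blocked}")
    return host, candidates


def is_safe_target(
    url: str,
    resolver: Callable[[str], Iterable[str]] = system_resolver,
) -> bool:
    """Boolean convenience wrapper around resolve_safe_target."""
    try:
        resolve_safe_target(url, resolver)
        return True
    except UnsafeTargetError:
        return False


if __name__ == "__main__":
    # Constructed DNS answers, used so the demo runs without network access.
    fake_dns = {
        "internal.example": ["10.0.0.5"],
        "public.example": ["93.184.216.34"],
        "mixed.example": ["93.184.216.34", "::ffff:127.0.0.1"],
    }
    for u in ("http://public.example/", "http://internal.example/",
              "http://mixed.example/", "http://169.254.169.254/latest/",
              "http://[::1]:8080/", "file:///etc/hosts"):
        print(f"{u:45s} -> {'allowed' if is_safe_target(u, lambda h: fake_dns.get(h, [])) else 'blocked'}")
```

Validating the hostname is only half of the fix: the HTTP client must then connect to the vetted IP (or re-resolve and re-check immediately before connecting) so a DNS record that changes between check and use cannot bypass the filter, and every redirect hop needs the same check because a public host can redirect to a private one.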

Impact

Exploitation of this vulnerability allows for unauthorized access to private HTTP services, potentially leading to exposure of sensitive information or administrative interfaces.

Reproduction

The vulnerability can be reproduced by sending a request through the web_fetch or web_search tools with manipulated parameters that include unvalidated target addresses. This can be done by directing the tools to access loopback or private network addresses, which will then relay the response from those local services back to the attacker.

Remediation

Users are advised to update to the latest version of OpenHarness, where this vulnerability has been addressed.

Added: Apr 17, 2026, 5:28 PM
Updated: Apr 17, 2026, 5:28 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          0.6
exploitability  5.7
remediation     0.0
relevance       6.1
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.