HKUDS OpenHarness Plugin Management Command Exposure Vulnerability

Vulnerability

A vulnerability in HKUDS OpenHarness prior to the PR #156 remediation exposes plugin lifecycle commands, such as '/plugin install', '/plugin enable', '/plugin disable', and '/reload-plugins', to remote senders by default. An attacker who can reach the system through the channel layer can therefore manage plugin trust and activation state remotely, potentially installing and activating unauthorized plugins on the system.

Impact

Exploitation of this vulnerability could result in unauthorized plugin installation and activation and, through that, potential code execution on the system, according to the VulnCheck Exploit Intelligence report.

Reproduction

To reproduce this vulnerability, use a version of HKUDS OpenHarness prior to the PR #156 remediation. In that environment, send the '/plugin' or '/reload-plugins' command from a remote sender. The absence of a warning or rejection indicates that the command is being processed for a remote sender, demonstrating the vulnerability. After successfully exploiting the vulnerability, verify the installation of a plugin by checking the list of active plugins or the status of a specific plugin command.

Remediation

Users can update to HKUDS OpenHarness version 0.1.7 or later, where this vulnerability has been addressed.
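The defensive pattern behind this class of issue is that state-changing plugin commands must be authorised by sender origin, not merely parsed. The following is an added illustration written for this page in Python; it is not OpenHarness code and does not claim to reproduce how PR #156 implemented the fix. Every name in it (Message, Dispatcher, PluginRegistry, the 'local'/'remote' origin labels and the expose_privileged_to_remote flag) is hypothetical. It shows the weak default (privileged commands honoured for any sender) beside the hardened default (deny for remote senders unless explicitly allowlisted), and records each denial so the attempt is visible in an audit log.

```python
"""
Added example (not OpenHarness code): a minimal command dispatcher that
gates plugin lifecycle commands by sender origin.  All names here are
hypothetical; the command names are the ones listed in the advisory.
"""
from dataclasses import dataclass, field

# Commands that change plugin trust or activation state.  Treating exactly
# these two as privileged is an assumption made for the example.
PRIVILEGED_COMMANDS = frozenset({"/plugin", "/reload-plugins"})


@dataclass
class Message:
    sender: str
    origin: str   # "local" (operator console) or "remote" (channel layer)
    text: str


@dataclass
class PluginRegistry:
    installed: set = field(default_factory=set)
    enabled: set = field(default_factory=set)


@dataclass
class Dispatcher:
    registry: PluginRegistry = field(default_factory=PluginRegistry)
    # Weak setting: True mirrors "exposed to remote senders by default".
    # Hardened setting: False, so remote senders are denied unless listed.
    expose_privileged_to_remote: bool = False
    remote_allowlist: frozenset = frozenset()
    audit_log: list = field(default_factory=list)

    def handle(self, msg: Message) -> str:
        parts = msg.text.split()
        if not parts:
            return "empty command"
        cmd = parts[0]
        if cmd in PRIVILEGED_COMMANDS and not self._authorised(msg):
            # Record the rejected attempt so operators can detect probing.
            self.audit_log.append(
                f"DENIED {cmd!r} from {msg.origin} sender {msg.sender!r}")
            return f"rejected: {cmd} is not available to remote senders"
        return self._run(cmd, parts[1:])

    def _authorised(self, msg: Message) -> bool:
        if msg.origin == "local":
            return True
        if self.expose_privileged_to_remote:
            return True            # the vulnerable behaviour
        return msg.sender in self.remote_allowlist

    def _run(self, cmd: str, args: list) -> str:
        if cmd == "/reload-plugins":
            return f"reloaded {len(self.registry.enabled)} plugin(s)"
        if cmd == "/plugin":
            if len(args) != 2 or args[0] not in {"install", "enable", "disable"}:
                return "usage: /plugin <install|enable|disable> <name>"
            action, name = args
            if action == "install":
                self.registry.installed.add(name)
            elif action == "enable":
                if name not in self.registry.installed:
                    return f"plugin {name!r} is not installed"
                self.registry.enabled.add(name)
            else:
                self.registry.enabled.discard(name)
            return f"{action} {name}: ok"
        return f"unknown command {cmd}"


if __name__ == "__main__":
    # Constructed sample traffic: one local operator, one remote sender.
    d = Dispatcher()
    print(d.handle(Message("operator", "local", "/plugin install demo")))
    print(d.handle(Message("user42", "remote", "/plugin install other")))
    print(*d.audit_log, sep="\n")
```

The point of the design is the default value of expose_privileged_to_remote: with the hardened default, a remote '/plugin install' produces a rejection and an audit entry rather than a registry change, while a local operator (or an explicitly allowlisted remote identity) keeps full control.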

Added: Apr 21, 2026, 11:43 PM
Updated: Apr 21, 2026, 11:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.4
remediation: 0.0
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.