HKUDS OpenHarness Insecure Default Remote Channel Allowlist Vulnerability

Vulnerability

A vulnerability exists in HKUDS OpenHarness versions prior to the PR #147 remediation, where remote channels are assigned an insecure default allowlist. With this default, arbitrary remote senders bypass the admission check and can reach host-backed agent runtimes. Such access could lead to unauthorized disclosure of files through the read-only tools that are enabled by default.

Impact

According to the VulnCheck Exploit Intelligence report, exploitation of this vulnerability could result in unauthorized read access to files on the host through default-enabled read-only tools.

Reproduction

The vulnerability can be reproduced by initializing a channel in OpenHarness without configuring the 'allow_from' parameter. Through the command line interface, create a new channel and leave the 'allow_from' field blank; the blank value defaults to allowing all remote senders. Once the channel is active, any remote sender can bypass access controls and interact with the host-backed agent runtime.
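The following is an added illustration of the fail-open default described above and of the fail-closed alternative; it is hypothetical code, not OpenHarness's own, and the ChannelConfig class, the WILDCARD convention and the sample configs are assumptions.

```python
"""Fail-open vs fail-closed admission for a remote-channel allowlist.

Hypothetical model (not OpenHarness code): 'allow_from' is an optional
list of sender identifiers that an operator may leave blank.
"""
from dataclasses import dataclass
from typing import List, Optional

WILDCARD = "*"  # assumed explicit opt-in meaning "admit anyone"


@dataclass
class ChannelConfig:
    name: str
    allow_from: Optional[List[str]] = None  # None/[] = left blank


def is_admitted_fail_open(cfg: ChannelConfig, sender: str) -> bool:
    """Insecure default: a blank allowlist admits every remote sender."""
    if not cfg.allow_from:
        return True
    return sender in cfg.allow_from


def is_admitted_fail_closed(cfg: ChannelConfig, sender: str) -> bool:
    """Hardened: a blank allowlist admits nobody; openness needs WILDCARD."""
    if not cfg.allow_from:
        return False
    if WILDCARD in cfg.allow_from:
        return True
    return sender in cfg.allow_from


def audit_channels(configs: List[ChannelConfig]) -> List[str]:
    """Flag channels whose allowlist is blank or explicitly wildcard-open."""
    findings = []
    for cfg in configs:
        if not cfg.allow_from:
            findings.append(f"{cfg.name}: allow_from is blank")
        elif WILDCARD in cfg.allow_from:
            findings.append(f"{cfg.name}: allow_from contains '*'")
    return findings


# Constructed sample configs for the check above.
SAMPLE = [
    ChannelConfig("ops-bot", allow_from=["alice@example.test"]),
    ChannelConfig("public-bridge"),  # operator left allow_from blank
]
```

Running audit_channels over an exported channel configuration is a quick way to find channels that were created before the remediation with a blank allowlist.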

Remediation

Users can update to OpenHarness version 0.1.7 or later, where this vulnerability has been addressed.

Added: Apr 21, 2026, 9:37 PM
Updated: Apr 21, 2026, 9:37 PM

Vulnerability Rating

Custom Algorithm (score per category)
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 6.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.