| Title | NousResearch Hermes Agent <= 75cbdfd06b Improper Authentication (CWE-287) |
|---|
| Description | # Technical Details
An Authentication Bypass via Cross-Guild Role Scan exists in the `DiscordAdapter._is_allowed_user` method in `gateway/platforms/discord.py` of Hermes Agent.
The application fails to scope `DISCORD_ALLOWED_ROLES` checks to the originating Discord guild. When direct role information is unavailable, such as in Direct Messages or voice-processing contexts, `_is_allowed_user` falls back to scanning every mutual guild shared by the bot and the user. If the user has a role whose ID matches an allowed role in any other guild, the method returns `True`, even if the role belongs to an unrelated public or attacker-controlled server. This allows privilege scope to bleed across Discord servers and grants unauthorized bot access through DMs or other fallback-triggering contexts.
# Vulnerable Code
File: `gateway/platforms/discord.py`
Method: `DiscordAdapter._is_allowed_user`
Why: The fallback logic iterates over `self._client.guilds`, calls `guild.get_member(user_id)`, reads each member's roles, and authorizes the user if any role ID appears in `DISCORD_ALLOWED_ROLES`, without confirming that the role belongs to the intended restricted guild.
# Reproduction
1. Configure Hermes Agent with `DISCORD_ALLOWED_ROLES` corresponding to a private restricted server.
2. Add the Hermes Agent bot to at least two guilds: the private restricted guild and a secondary public or attacker-controlled guild.
3. Give the attacker a role in the secondary guild whose ID matches the configured allowed role ID.
4. Download the PoC simulation script from `https://gist.github.com/YLChen-007/4490cd17b3c05ba3f43ea1e432f22e60`.
5. Run `python poc_discord_bypass.py` in the Hermes Agent environment.
6. Observe that the simulated DM attacker is authorized even though the matching role exists only in a different guild.
# Impact
- Full authentication bypass for Discord integrations using `DISCORD_ALLOWED_ROLES`.
- Unauthorized users can gain access by sharing any mutual guild with the bot and holding a role ID that matches the configured allowed role.
- Successful exploitation can permit arbitrary tool execution, memory extraction, data modification, and potential infrastructure compromise depending on enabled plugins and tools. |
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/d030c690b10a97319efb129ca2f5badb |
|---|
| User | Eric-a (UID 96353) |
|---|
| Submission | 02.06.2026 03:37 (1 month ago) |
|---|
| Moderation | 03.07.2026 19:08 (1 month later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 376143 [NousResearch hermes-agent up to 0.15.2 Discord Platform Integration discord.py DiscordAdapter._is_allowed_user weak authentication] |
|---|
| Points | 20 |
|---|
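
The fallback described under "Vulnerable Code", modelled as an added example (not Hermes Agent's code and not the project's patch): `is_allowed_unscoped` reproduces the cross-guild scan with stand-in classes, and `is_allowed_scoped` shows one possible fix that only honours roles held in explicitly trusted guilds. The stub classes, function names, the `trusted_guild_ids` parameter and all IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Simplified stand-ins for discord.py objects (constructed for this example).
@dataclass
class Role:
    id: int

@dataclass
class Member:
    id: int
    roles: list

@dataclass
class Guild:
    id: int
    members: dict = field(default_factory=dict)  # user_id -> Member

    def get_member(self, user_id):
        return self.members.get(user_id)


def is_allowed_unscoped(guilds, user_id, allowed_roles):
    """Models the flawed fallback: any mutual guild can satisfy the check."""
    for guild in guilds:
        member = guild.get_member(user_id)
        if member and any(r.id in allowed_roles for r in member.roles):
            return True
    return False


def is_allowed_scoped(guilds, user_id, allowed_roles, trusted_guild_ids):
    """Hardened variant: only roles held in a trusted guild count."""
    for guild in guilds:
        if guild.id not in trusted_guild_ids:
            continue  # roles from unrelated guilds never grant access
        member = guild.get_member(user_id)
        if member and any(r.id in allowed_roles for r in member.roles):
            return True
    return False  # fail closed when no trusted guild vouches for the user


# Constructed sample data: role ID 900 is the configured allowed role.
ALLOWED = {900}
private = Guild(id=1, members={10: Member(10, [Role(900)])})  # restricted guild
other = Guild(id=2, members={20: Member(20, [Role(900)])})    # unrelated guild
GUILDS = [private, other]
```

With guild 1 as the only trusted guild, user 20 is authorized by the unscoped check and rejected by the scoped one, while user 10 remains authorized.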