| Titre | NousResearch hermes-agent <= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| Description | # Technical Details
An Authorization Bypass exists in the `resolve_session_by_title` method in `hermes_state.py` and `gateway/run.py` of hermes-agent.
The application fails to restrict session title lookups to the requesting user's identity or platform, enabling global unscoped database queries.
# Vulnerable Code
File: hermes_state.py
Method: resolve_session_by_title / get_session_by_title
Why: The SQL queries resolve a session using only the `title` parameter without filtering by `user_id` or `source`. The callers in the gateway and CLI do not provide these authentication parameters.
# Reproduction
1. A victim creates a session and gives it a title (e.g., `SecretProject`).
2. An attacker on any platform sends the command `/resume SecretProject`.
3. The gateway looks up the title globally, retrieves the victim's session ID, and redirects the attacker's active session to it.
4. The attacker gains full access to the victim's conversation history.
# Impact
- Full read/write access to hijacked conversation history across multi-user deployments.
- Exposure of sensitive data, secrets, credentials, and PII.
- Agent command injection, allowing the attacker to execute tools and requests in the context of the victim's session. |
|---|
| La source | ⚠️ https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa |
|---|
| Utilisateur | Eric-b (UID 96354) |
|---|
| Soumission | 14/05/2026 07:12 (il y a 26 jours) |
|---|
| Modérer | 07/06/2026 09:28 (24 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 369081 [NousResearch hermes-agent jusqu’à 0.12.0 resume Endpoint hermes_state.py resolve_session_by_title Titre élévation de privilèges] |
|---|
| Points | 20 |
|---|