| タイトル | NousResearch hermes-agent <= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639) |
|---|
| 説明 | # Technical Details
An Authorization Bypass exists in the `resolve_session_by_title` method in `hermes_state.py` and `gateway/run.py` of hermes-agent.
The application fails to restrict session title lookups to the requesting user's identity or platform, enabling global unscoped database queries.
# Vulnerable Code
File: hermes_state.py
Method: resolve_session_by_title / get_session_by_title
Why: The SQL queries resolve a session using only the `title` parameter without filtering by `user_id` or `source`. The callers in the gateway and CLI do not provide these authentication parameters.
# Reproduction
1. A victim creates a session and gives it a title (e.g., `SecretProject`).
2. An attacker on any platform sends the command `/resume SecretProject`.
3. The gateway looks up the title globally, retrieves the victim's session ID, and redirects the attacker's active session to it.
4. The attacker gains full access to the victim's conversation history.
# Impact
- Full read/write access to hijacked conversation history across multi-user deployments.
- Exposure of sensitive data, secrets, credentials, and PII.
- Agent command injection, allowing the attacker to execute tools and requests in the context of the victim's session. |
|---|
| ソース | ⚠️ https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa |
|---|
| ユーザー | Eric-b (UID 96354) |
|---|
| 送信 | 2026年05月14日 07:12 (27 日 ago) |
|---|
| モデレーション | 2026年06月07日 09:28 (24 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 369081 [NousResearch hermes-agent 迄 0.12.0 resume Endpoint hermes_state.py resolve_session_by_title タイトル 特権昇格] |
|---|
| ポイント | 20 |
|---|