# NousResearch hermes-agent 2026.5.29.2 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE-22)

| Field | Value |
|---|---|
| Source | https://github.com/NousResearch/hermes-agent/issues/38643 |
| User | Eric-y (UID 95889) |
| Submitted | 2026-06-04 08:50 AM (1 month ago) |
| Moderation | 2026-07-05 04:00 PM (1 month later) |
| Status | Accepted |
| VulDB entry | 376373 [NousResearch hermes-agent 2026.5.29.2 tools/skills_tool.py skill_view name directory traversal] |
| Points | 20 |

## Description

### Technical Details

A path traversal information disclosure exists in the `skill_view` method in `tools/skills_tool.py` of hermes-agent.

The application fails to enforce containment before joining attacker-controlled skill names into trusted search roots. A traversal value such as `../outside-skill` can escape `~/.hermes/skills/`, select a sibling directory containing `SKILL.md`, and then use a benign `file_path` like `.env` to read files from that escaped directory.

### Vulnerable Code

File: `tools/skills_tool.py`, `tools/path_security.py`

Method: `skill_view`, `validate_within_dir`

Why: `skill_view()` constructs `direct_path = search_dir / name` and records it if it contains `SKILL.md`, before rejecting escaped directories. The later `validate_within_dir(target_file, skill_dir)` check is applied relative to the already attacker-selected escaped `skill_dir`, so `.env` passes and is disclosed.

### Reproduction

1. Prepare an isolated `HERMES_HOME` with `skills/legit-skill/SKILL.md`, sibling `outside-skill/SKILL.md`, and sibling `outside-skill/.env`.
2. Invoke the real Hermes dispatcher with `{"name":"../outside-skill"}` and then `{"name":"../outside-skill","file_path":".env"}`.
3. Observe responses showing `path="../outside-skill/SKILL.md"` and `content="ESCAPED_SECRET=issue220_variant\n"`, while the control case using `name="legit-skill"` only reads in-tree files.

### Impact

- Attackers who can influence `skill_view` arguments can read files outside the trusted skills directory.
- Practical disclosures include `.env` secrets, API keys, tokens, webhook credentials, and private reference files colocated beside the skills tree.
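The report's root cause is ordering: the candidate directory is joined and trusted (because it holds `SKILL.md`) before any containment check, and the later per-file check is measured against that already-escaped directory. The example below is added here to show the containment-first shape of the fix; it is hypothetical code, not hermes-agent's own `skill_view` or `validate_within_dir`, and the function names `resolve_skill_dir`, `read_skill_file`, `_contained` and the fixture layout are assumptions. It resolves `..` and symlinks on the joined path, requires the result to stay under the search root before the `SKILL.md` probe counts, treats the skill name as a single path component, and repeats the same check for `file_path` against the validated skill directory. A deliberately flawed join-then-check resolver is kept alongside only as the regression case the hardened version must reject.

```python
"""Containment-first skill lookup (added example; hypothetical, not hermes-agent's code)."""
from pathlib import Path
import tempfile


def _contained(candidate: Path, root: Path) -> bool:
    """True only if candidate (after resolving '..' and symlinks) lies inside root."""
    root = root.resolve()
    try:
        return candidate.resolve(strict=True).is_relative_to(root)
    except FileNotFoundError:
        return False


def resolve_skill_dir(search_roots, name: str):
    """Return the skill directory for `name`, or None if it would escape every root.

    Containment is enforced BEFORE the SKILL.md probe is trusted, which is the
    ordering the report says skill_view() gets wrong."""
    # A skill name is a single path component; anything else is rejected outright.
    if name in ("", ".", "..") or name != Path(name).name:
        return None
    for root in search_roots:
        root = Path(root)
        direct = root / name
        if _contained(direct, root) and (direct / "SKILL.md").is_file():
            return direct.resolve()
    return None


def read_skill_file(skill_dir: Path, file_path: str):
    """Read a file from an already-validated skill dir, enforcing containment again."""
    target = skill_dir / file_path
    if not _contained(target, skill_dir) or not target.is_file():
        return None
    return target.read_text()


def flawed_resolve_skill_dir(search_roots, name: str):
    """Join-then-check pattern as described in the report (no containment check).

    Kept only as the regression case; it is not the project's code."""
    for root in search_roots:
        direct = Path(root) / name
        if (direct / "SKILL.md").is_file():
            return direct.resolve()
    return None


def build_fixture() -> Path:
    """Constructed layout mirroring the report's reproduction, under a temp dir."""
    home = Path(tempfile.mkdtemp(prefix="hermes_home_"))
    (home / "skills" / "legit-skill").mkdir(parents=True)
    (home / "skills" / "legit-skill" / "SKILL.md").write_text("# legit\n")
    (home / "skills" / "legit-skill" / "notes.txt").write_text("in-tree\n")
    (home / "outside-skill").mkdir()
    (home / "outside-skill" / "SKILL.md").write_text("# outside\n")
    (home / "outside-skill" / ".env").write_text("ESCAPED_SECRET=constructed\n")
    return home


def run_check() -> dict:
    """Exercise both resolvers against the fixture; returns outcomes for assertion."""
    home = build_fixture()
    roots = [home / "skills"]
    legit = resolve_skill_dir(roots, "legit-skill")
    return {
        "legit_found": legit is not None,
        "legit_read": read_skill_file(legit, "notes.txt") if legit else None,
        # A traversal in file_path is also caught, relative to the validated dir.
        "legit_dotdot_blocked": (read_skill_file(legit, "../../outside-skill/.env") is None)
        if legit else False,
        # The report's traversal name never reaches the SKILL.md probe.
        "traversal_blocked": resolve_skill_dir(roots, "../outside-skill") is None,
        # The flawed resolver accepts it, which is the bug the report describes.
        "flawed_escapes": flawed_resolve_skill_dir(roots, "../outside-skill") is not None,
    }


if __name__ == "__main__":
    print(run_check())
```

The two layers are independent on purpose: the single-component rule rejects the obvious `../` names cheaply, and the resolve-then-`is_relative_to` check catches what the string rule cannot (symlinked directories, names that are valid components but point outside the root after resolution). `Path.is_relative_to` needs Python 3.9 or newer.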