Submission #847502: NousResearch hermes-agent 2026.5.29.2 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE-22)

Information

Title: NousResearch hermes-agent 2026.5.29.2 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE-22)
Description:

# Technical Details

A path traversal information disclosure exists in the `skill_view` method in `tools/skills_tool.py` of hermes-agent. The application fails to enforce containment before joining attacker-controlled skill names into trusted search roots. A traversal value such as `../outside-skill` can escape `~/.hermes/skills/`, select a sibling directory containing `SKILL.md`, and then use a benign `file_path` like `.env` to read files from that escaped directory.

# Vulnerable Code

File: `tools/skills_tool.py`, `tools/path_security.py`
Method: `skill_view`, `validate_within_dir`
Why: `skill_view()` constructs `direct_path = search_dir / name` and records it if it contains `SKILL.md`, before rejecting escaped directories. The later `validate_within_dir(target_file, skill_dir)` check is applied relative to the already attacker-selected escaped `skill_dir`, so `.env` passes and is disclosed.

# Reproduction

1. Prepare an isolated `HERMES_HOME` with `skills/legit-skill/SKILL.md`, sibling `outside-skill/SKILL.md`, and sibling `outside-skill/.env`.
2. Invoke the real Hermes dispatcher with `{"name":"../outside-skill"}` and then `{"name":"../outside-skill","file_path":".env"}`.
3. Observe responses showing `path="../outside-skill/SKILL.md"` and `content="ESCAPED_SECRET=issue220_variant\n"`, while the control case using `name="legit-skill"` only reads in-tree files.

# Impact

- Attackers who can influence `skill_view` arguments can read files outside the trusted skills directory.
- Practical disclosures include `.env` secrets, API keys, tokens, webhook credentials, and private reference files colocated beside the skills tree.
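Added example, not hermes-agent's own code: the order-of-checks flaw described above, placed beside a hardened resolver that validates the attacker-controlled `name` against the search root before any `SKILL.md` lookup. The `resolve_skill_dir_*` function names and the temporary directory layout are assumptions constructed for illustration.

```python
from pathlib import Path
import tempfile


def resolve_skill_dir_vulnerable(search_roots, name):
    """Flawed order (stand-in for the reported behaviour, not the real code):
    pick the first root/name that contains SKILL.md without ever checking
    that `name` stays inside the root."""
    for root in search_roots:
        direct_path = root / name
        if (direct_path / "SKILL.md").is_file():
            return direct_path
    return None


def resolve_skill_dir_hardened(search_roots, name):
    """Fix: resolve the candidate (following symlinks) and require it to be
    strictly inside the resolved root BEFORE looking for SKILL.md, so names
    such as `../outside-skill`, absolute paths and `.` are rejected."""
    for root in search_roots:
        root_resolved = root.resolve()
        candidate = (root / name).resolve()
        try:
            candidate.relative_to(root_resolved)  # raises if outside root
        except ValueError:
            continue
        if candidate == root_resolved:  # name resolved to the root itself
            continue
        if (candidate / "SKILL.md").is_file():
            return candidate
    return None


def demo():
    """Constructed layout mirroring the report: skills/legit-skill plus a
    sibling outside-skill holding SKILL.md and a secret file."""
    home = Path(tempfile.mkdtemp())
    skills = home / "skills"
    (skills / "legit-skill").mkdir(parents=True)
    (skills / "legit-skill" / "SKILL.md").write_text("# legit\n")
    (home / "outside-skill").mkdir()
    (home / "outside-skill" / "SKILL.md").write_text("# outside\n")
    (home / "outside-skill" / ".env").write_text("ESCAPED_SECRET=constructed\n")
    roots = [skills]
    return {
        "vuln_escapes": resolve_skill_dir_vulnerable(roots, "../outside-skill") is not None,
        "hardened_rejects": resolve_skill_dir_hardened(roots, "../outside-skill") is None,
        "hardened_allows_legit": resolve_skill_dir_hardened(roots, "legit-skill") is not None,
    }
```

Containment must be enforced on the skill directory selection itself; a later `validate_within_dir(target_file, skill_dir)` cannot help once `skill_dir` has already been chosen by the attacker.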
Source: https://github.com/NousResearch/hermes-agent/issues/38643
User: Eric-y (UID 95889)
Submitted: 04.06.2026 08:50 (1 month ago)
Moderated: 05.07.2026 16:00 (1 month later)
Status: accepted
VulDB entry: 376373 [NousResearch hermes-agent 2026.5.29.2 tools/skills_tool.py skill_view name path traversal]
Points: 20
