| tiêu đề | NousResearch hermes-agent 2026.4.23 Exposure of Sensitive Information (CWE-200) |
|---|
| Mô tả | # Technical Details
An Information Leak exists in the `_make_run_env()` method in `tools/environments/local.py` of hermes-agent.
The application fails to comprehensively filter sensitive messaging gateway credentials from the subprocess environment because `_EXTRA_ENV_KEYS` (which contains gateway credentials like `FEISHU_APP_SECRET`, `WECOM_SECRET`) is not included in the sanitization blocklist (`_build_provider_env_blocklist`).
# Vulnerable Code
File: tools/environments/local.py
Method: _make_run_env()
Why: The subprocess environment blocklist builder misses `_EXTRA_ENV_KEYS` defined in `hermes_cli/config.py`. When `LocalEnvironment._run_bash()` executes a command, these gateway credentials are inherited by the subprocess and can be printed or exfiltrated using `printenv`.
# Reproduction
1. Deploy `hermes-agent` configured with an actively supported messaging platform (e.g. Feishu, WeCom) with sensitive credentials set.
2. Inject a prompt requesting terminal/execute_code tool usage to run `env` or `printenv`.
3. The subprocess outputs the un-scrubbed environment variables.
4. Observe the leaked sensitive credentials in the output.
# Impact
- Exposure of sensitive internal configuration and messaging secrets.
- Full compromise of the messaging service gateway through stolen credentials, allowing an attacker to spoof communications and exfiltrate private organization data. |
|---|
| Nguồn | ⚠️ https://gist.github.com/YLChen-007/760b3940f708990e535214529c0c7a27 |
|---|
| Người dùng | Eric-i (UID 97584) |
|---|
| Đệ trình | 24/04/2026 14:42 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 23/05/2026 11:19 (29 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 365315 [NousResearch hermes-agent đến 2026.4.23 Messaging Gateway local.py _make_run_env tiết lộ thông tin] |
|---|
| điểm | 20 |
|---|