| 标题 | NousResearch hermes-agent 2026.4.23 Exposure of Sensitive Information (CWE-200) |
|---|
| 描述 | # Technical Details
An Information Leak exists in the `_make_run_env()` method in `tools/environments/local.py` of hermes-agent.
The application fails to comprehensively filter sensitive messaging gateway credentials from the subprocess environment because `_EXTRA_ENV_KEYS` (which contains gateway credentials like `FEISHU_APP_SECRET`, `WECOM_SECRET`) is not included in the sanitization blocklist (`_build_provider_env_blocklist`).
# Vulnerable Code
File: tools/environments/local.py
Method: _make_run_env()
Why: The subprocess environment blocklist builder misses `_EXTRA_ENV_KEYS` defined in `hermes_cli/config.py`. When `LocalEnvironment._run_bash()` executes a command, these gateway credentials are inherited by the subprocess and can be printed or exfiltrated using `printenv`.
# Reproduction
1. Deploy `hermes-agent` configured with an actively supported messaging platform (e.g. Feishu, WeCom) with sensitive credentials set.
2. Inject a prompt requesting terminal/execute_code tool usage to run `env` or `printenv`.
3. The subprocess outputs the un-scrubbed environment variables.
4. Observe the leaked sensitive credentials in the output.
# Impact
- Exposure of sensitive internal configuration and messaging secrets.
- Full compromise of the messaging service gateway through stolen credentials, allowing an attacker to spoof communications and exfiltrate private organization data. |
|---|
| 来源 | ⚠️ https://gist.github.com/YLChen-007/760b3940f708990e535214529c0c7a27 |
|---|
| 用户 | Eric-i (UID 97584) |
|---|
| 提交 | 2026-04-24 14時42分 (1 月前) |
|---|
| 管理 | 2026-05-23 11時19分 (29 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 365315 [NousResearch hermes-agent 直到 2026.4.23 Messaging Gateway local.py _make_run_env 信息公开] |
|---|
| 积分 | 20 |
|---|