Nesquena Hermes-WebUI Environment Variable Leakage Vulnerability
Vulnerability
A vulnerability exists in Nesquena Hermes-WebUI that allows for environment variable leakage between user profiles. The issue arises because the application does not clear environment variables from the previous profile before loading the next one. This oversight enables users or attackers to exploit the additive behavior of dotenv file loading to access sensitive information, such as API keys, from one profile in another, thereby undermining the intended security separation between profiles.
Impact
Exploitation of this vulnerability can lead to unauthorized access to sensitive environment variables, including API keys and other confidential information, from one user profile in another, disrupting the expected security isolation between profiles.
Reproduction
To reproduce this vulnerability, switch between profiles in Hermes-WebUI. Because the application does not clear the environment variables from the previous profile, the API keys and other secrets from the first profile remain accessible in the second profile after the switch, demonstrating the lack of proper isolation.
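The additive loading behaviour described above, next to a switch that clears the previous profile's variables first. This is an added example, not Hermes-WebUI's code or its actual fix; the parser, the function and class names, and the profile contents are constructed for illustration.

```python
# Constructed sample profile files (hypothetical variable names and values).
PROFILE_A = "EXAMPLE_API_KEY=sk-constructed-profile-a\nMODEL=alpha\n"
PROFILE_B = "MODEL=beta\n"


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip quotes."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def switch_additive(env, dotenv_text):
    """Vulnerable pattern: new values are layered on top of the old ones."""
    env.update(parse_dotenv(dotenv_text))
    return env


class ProfileEnv:
    """Hardened pattern: remember which keys a profile set, drop them on switch."""

    def __init__(self, env):
        self.env = env
        self._owned = set()  # keys set by the currently loaded profile

    def switch(self, dotenv_text):
        for key in self._owned:  # clear the previous profile before loading
            self.env.pop(key, None)
        pairs = parse_dotenv(dotenv_text)
        self.env.update(pairs)
        self._owned = set(pairs)
        return self.env


def demo():
    """Load profile A then B both ways; return (leaky_env, clean_env)."""
    leaky = switch_additive(switch_additive({"PATH": "/usr/bin"}, PROFILE_A), PROFILE_B)
    clean_env = ProfileEnv({"PATH": "/usr/bin"})
    clean_env.switch(PROFILE_A)
    clean = clean_env.switch(PROFILE_B)
    return leaky, clean


if __name__ == "__main__":
    print(demo())
```

A profile key that shadows a variable already present in the process would be removed here rather than restored; taking a snapshot of the base environment before the first profile load covers that case.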
Remediation
Users should update to Hermes-WebUI version 0.50.134 or later, where this vulnerability has been fixed.
