NousResearch Hermes-Agent WeCom Adapter Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in the WeCom (WeChat Work) platform adapter of NousResearch hermes-agent version 0.8.0. The issue arises because the adapter processes 'file://' URLs for media attachments without proper validation of the file path, allowing remote attackers to read arbitrary files from the server's filesystem. This includes sensitive files such as configuration files, SSH keys, and API credentials. The vulnerability is exploitable through the WeCom messaging platform, where an attacker can send a message that triggers the reading of a file via a 'file://' URL.
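The defensive check the description implies is the one a media adapter needs before it ever opens a 'file://' URL: parse the URL, resolve the path (including any '..' segments, percent-encoded segments and symlinks), and confirm the result still lies inside a single allowed media directory. The following is an added illustration of that check and is not code from hermes-agent or from the 0.8.1 fix; the media directory '/srv/hermes/media', the function names and the sample URLs are all assumptions constructed for the example.

```python
from pathlib import Path
from urllib.parse import unquote, urlparse

# Hypothetical directory from which a media adapter is allowed to serve attachments.
MEDIA_ROOT = Path("/srv/hermes/media")


def resolve_media_url(url: str, root: Path = MEDIA_ROOT) -> Path:
    """Turn a 'file://' URL into a filesystem path that is guaranteed to sit inside root.

    Raises ValueError for non-file URLs or foreign hosts and PermissionError
    when the resolved path escapes the allowed directory.
    """
    parsed = urlparse(url)
    if parsed.scheme != "file":
        raise ValueError(f"unsupported URL scheme: {parsed.scheme!r}")
    # A host component other than empty/localhost would refer to another machine.
    if parsed.netloc not in ("", "localhost"):
        raise ValueError(f"unexpected host in file URL: {parsed.netloc!r}")

    # Percent-decode first so that '%2e%2e' becomes '..' before normalisation.
    candidate = Path(unquote(parsed.path))
    if not candidate.is_absolute():
        candidate = root / candidate

    # resolve() collapses '..' and follows symlinks; strict=False tolerates
    # paths that do not exist yet so the check is purely lexical+symlink based.
    resolved = candidate.resolve(strict=False)
    root_resolved = root.resolve(strict=False)

    # The decisive containment check: the path must be a proper descendant of root.
    if resolved == root_resolved:
        raise PermissionError("URL refers to the media root itself, not a file")
    try:
        resolved.relative_to(root_resolved)
    except ValueError as exc:
        raise PermissionError(f"path escapes media root: {resolved}") from exc
    return resolved


def is_allowed_media_url(url: str, root: Path = MEDIA_ROOT) -> bool:
    """Boolean convenience wrapper for the containment check above."""
    try:
        resolve_media_url(url, root)
    except (ValueError, PermissionError):
        return False
    return True


if __name__ == "__main__":
    # Constructed sample URLs: one legitimate attachment, several escape attempts.
    samples = [
        "file:///srv/hermes/media/photo.png",
        "file:///srv/hermes/media/../../../etc/passwd",
        "file:///srv/hermes/media/%2e%2e/%2e%2e/root/.ssh/id_rsa",
        "file:///etc/passwd",
        "https://example.invalid/photo.png",
    ]
    for sample in samples:
        verdict = "allow" if is_allowed_media_url(sample) else "reject"
        print(f"{verdict:6} {sample}")
```

The important ordering is decode, then resolve, then compare against the resolved root; comparing the raw string prefix before resolution would let '/srv/hermes/media/../../etc/passwd' through, which is exactly the class of bypass the advisory describes.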

Impact

Exploitation of this vulnerability allows for arbitrary file reads, with confirmed exfiltration of API keys and other sensitive files through WeCom or the hermes-agent API.

Reproduction

The vulnerability can be reproduced by sending a WeCom message that includes a 'file://' URL pointing to a sensitive file. The WeCom adapter will read the file and upload its contents to the WeCom API, where it can be accessed by the attacker. This can also be done through the hermes-agent API by using the 'read_file' tool to specify a file path, which will bypass any directory restrictions and return the file content.

Remediation

The vulnerability has been fixed in version 0.8.1. Users should update to this version.

Added: Apr 29, 2026, 6:19 PM
Updated: Apr 29, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 8.7
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.