7 matches found

GitHub Security Blog
added 2026/01/13 8:30 p.m., 8 views

hermes's raw options logging may disclose secrets passed in via subcommand options argument

Thanks, @thunze for reporting this! hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form since https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 in:...

CVSS 5.9, AI score 6.6, EPSS 0.00007
Exploits 0, References 5, Affected Software 1
Snyk
added 2026/01/12 11:00 p.m., 4 views

Insertion of Sensitive Information into Log File

Overview: hermes is a Workflow to publish research software with rich metadata. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the -O options argument handling process. An attacker can obtain sensitive information by accessing log files that...

CVSS 5.9, AI score 6.4, EPSS 0.00007
Exploits 0, References 2
Cvelist
added 2026/01/12 10:00 p.m., 16 views

CVE-2026-22798 hermes's raw options logging may disclose secrets passed in via subcommand options argument

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

CVSS 5.9, EPSS 0.00007
Exploits 0, References 3
OSV
added 2026/01/12 10:00 p.m., 2 views

CVE-2026-22798 hermes's raw options logging may disclose secrets passed in via subcommand options argument

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

CVSS 5.9, AI score 6.8, EPSS 0.00007
Exploits 0, References 5
Vulnrichment
added 2026/01/12 10:00 p.m., 2 views

CVE-2026-22798 hermes's raw options logging may disclose secrets passed in via subcommand options argument

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

CVSS 5.9, AI score 6.5, EPSS 0.00007
Exploits 0, References 3
CVE
added 2026/01/12 10:00 p.m., 7 views

CVE-2026-22798

The CVE-2026-22798 issue affects the Hermes workflow tool. It concerns logging of arbitrary options passed via the -O argument, which could cause sensitive data (e.g., API tokens) to be written to log files in plaintext. This behavior occurs in Hermes releases from 0.8.1 up to before 0.9.1. Impac...

CVSS 5.9, AI score 6.5, EPSS 0.00007
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/01/12 12:00 a.m., 6 views

PT-2026-2310

Name of the Vulnerable Software and Affected Versions: hermes versions 0.8.1 through 0.9.0. Description: hermes, a software publication automation workflow, exhibits a flaw where subcommands accept arbitrary options through the -O argument. Providing sensitive data, such as API tokens e.g., via herm...

CVSS 5.9, AI score 6.5, EPSS 0.00007
Exploits 0, References 12