This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: MCP Atlassian has a critical path traversal flaw in `confluence_download_attachment`.β¦
π‘οΈ **Root Cause**: **CWE-22** (Improper Limitation of a Pathname to a Restricted Directory). <br>β **Flaw**: The tool fails to enforce strict directory boundaries on the `download_path` parameter.β¦
π₯ **Affected**: **MCP Atlassian** by developer Hyeonsoo Lee (Vendor: sooperset). <br>π **Version**: All versions **prior to 0.17.0**. π« Version 0.17.0+ is safe.
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: <br>1. **Read**: Access arbitrary files on the host. <br>2. **Execute**: Achieve **Arbitrary Code Execution**. <br>π **Privileges**: High!β¦
π **Threshold**: **Medium**. <br>π **Auth**: Requires **Low Privileges** (PR:L). <br>π **Access**: Network Adjacent (AV:A). <br>π **UI**: No User Interaction needed (UI:N). β‘ Easy to exploit if authenticated.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π΅οΈ **Public Exploit**: **No**. <br>π **PoC**: Empty in data (`pocs: []`). <br>π **Wild Exploitation**: None reported yet. π Wait for community PoCs.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Check `mcp-atlassian` version. <br>2. Look for `confluence_download_attachment` tool usage. <br>3. Scan for unvalidated `download_path` inputs in your MCP server config. π§
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **Yes**. <br>π§ **Patch**: Update to **v0.17.0** or later. <br>π **Commit**: `52b9b0997681e87244b20d58034deae89c91631e`. π¦
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: <br>1. **Disable** the `confluence_download_attachment` tool if not needed. <br>2. **Restrict** network access to the MCP server. <br>3.β¦