Evernote-MCP-Server Command Injection Vulnerability in openBrowser Function Allows Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in the Evernote-MCP-Server within the openBrowser function. This issue allows local attackers to escalate privileges by injecting arbitrary commands that are executed with the rights of the service account. The vulnerability arises from inadequate validation of user-supplied strings, enabling the execution of malicious commands via the OAuth token parameter. To exploit this vulnerability, an attacker must first have the ability to run low-privileged code on the target system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to execute arbitrary code with elevated rights on the affected system.

Reproduction

The vulnerability can be reproduced by manipulating the OAuth response to include a crafted oauth_token parameter that injects shell commands. This can be done through a man-in-the-middle attack, a malicious redirect, or by exploiting a misconfigured server endpoint.

Remediation

Users are advised to update to the latest version of Evernote-MCP-Server, where this vulnerability has been fixed.

Added: Nov 6, 2025, 9:56 PM
Updated: Nov 6, 2025, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.3
remediation: 0.0
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.