Open Source Kubectl MCP Server Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Open Source Kubectl MCP Server version 1.1.1. It allows an attacker to execute arbitrary code on a victim's system, requiring only that the user interact with a specially crafted HTML page. The vulnerability arises because the MCP server accepts incoming requests from web content: when the user visits a malicious website, that site can send a payload to the locally running server that abuses the server's behaviour to execute commands on the victim's machine. Successful exploitation can lead to a complete takeover of the system and of any Kubernetes clusters it is connected to.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the victim's machine, with the executed commands running in the context of the user. This could lead to a full compromise of the system and any Kubernetes clusters the user has access to, including exposure of Kubernetes credentials and service accounts, and the ability to deploy malicious containers or modify existing deployments.

Reproduction

To reproduce this vulnerability, first ensure that Kubectl MCP Server version 1.1.1 is running in the background. Then, visit a malicious website that can send a crafted request to the local server. The website can exploit the vulnerability by injecting commands into the request, which are then executed on the victim's machine. This can be done using a payload that, for example, echoes 'pwned' into a file, demonstrating successful code execution.

Remediation

Users are advised to update to version 1.2.0 or later, where this vulnerability has been patched. Additionally, avoid running untrusted MCP servers with direct web access, and scope Kubernetes credentials and service accounts to the minimum necessary privileges.
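The class of weakness described above is a locally listening service that any web page the user visits can reach. As an added example that is not the project's code and not the 1.2.0 patch (whose details the page does not give), the following request gate shows the generic defence a loopback-bound MCP-style endpoint should apply: reject requests whose Host is not a loopback address and whose browser-supplied Origin is not trusted. The loopback-only policy, header names and sample requests are assumptions for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumed policy for this example: only loopback callers are trusted.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

def _hostname(authority: str) -> str | None:
    """Parse 'host[:port]' (IPv6 in brackets) into a lowercase hostname."""
    try:
        return urlsplit("//" + authority).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None

def check_local_request(headers: dict[str, str]) -> tuple[bool, str]:
    """Decide whether a request to a loopback-bound endpoint may proceed.

    Header names are matched case-insensitively. Rules, in order:
      1. Host must name a loopback address; a Host carrying some other
         domain that merely resolves to 127.0.0.1 (DNS rebinding) fails.
      2. No Origin header means a non-browser client (e.g. the MCP host
         process itself); allowed.
      3. Browsers attach Origin to cross-site requests; it must be http(s)
         from a loopback host. 'null' and any other site are rejected,
         which is what stops a visited web page from driving the endpoint.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = _hostname(h.get("host", ""))
    if host not in LOOPBACK_HOSTS:
        return False, f"untrusted Host: {h.get('host', '')!r}"
    origin = h.get("origin")
    if origin is None:
        return True, "no Origin: non-browser client"
    parts = urlsplit(origin)
    if parts.scheme in ("http", "https") and parts.hostname in LOOPBACK_HOSTS:
        return True, f"loopback Origin: {origin}"
    return False, f"cross-site Origin rejected: {origin!r}"

# Constructed sample requests: a native client, a local web UI, a page the
# user visited on another site, a rebinding Host, and an opaque Origin.
SAMPLES = {
    "native_client": {"Host": "127.0.0.1:8080"},
    "local_web_ui": {"Host": "localhost:8080", "Origin": "http://localhost:3000"},
    "other_site": {"Host": "127.0.0.1:8080", "Origin": "https://site.example"},
    "dns_rebinding": {"Host": "rebind.example:8080"},
    "null_origin": {"Host": "[::1]:8080", "Origin": "null"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        ok, why = check_local_request(hdrs)
        print(f"{name:14} {'ALLOW' if ok else 'DENY':5} {why}")
```

The gate is a complement to, not a substitute for, validating the command payload itself and scoping the Kubernetes credentials the server can use.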

Added: May 12, 2026, 5:54 PM
Updated: May 12, 2026, 5:54 PM

Vulnerability Rating

Custom Algorithm

  spread          7.3
  impact          7.5
  exploitability  7.5
  remediation     0.0
  relevance       8.1
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.