kubectl-mcp-server Command Injection Vulnerability in minimal_wrapper.py Component

A command injection vulnerability exists in the minimal_wrapper.py file of kubectl-mcp-server version 1.1.1 and prior. The vulnerability allows attackers to execute arbitrary commands by injecting shell metacharacters, which are then interpreted by the command shell due to the subprocess.run() function being called with shell=True. This could lead to unauthorized execution of system commands on the server where kubectl-mcp-server is running.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the host system where kubectl-mcp-server is running.

Reproduction

The vulnerability can be reproduced by sending a crafted input to the 'run_kubectl_command()' function in 'minimal_wrapper.py'. The input should include shell metacharacters that the command shell will interpret as command separators or command execution triggers. For example, injecting 'get pods; id >> /tmp/pwned' would execute the 'kubectl get pods' command followed by the 'id' command, appending the output to a file named '/tmp/pwned'.

Remediation

Users are advised to update kubectl-mcp-server to version 1.2.0 or later, where this vulnerability has been fixed.