indrasishbanerjee aem-mcp-server - 1.0.0
A server-side request forgery (SSRF) vulnerability exists in Indrasishbanerjee AEM MCP Server versions prior to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. The vulnerability arises in the 'getAssetMetadata' function within 'src/mcp-server.ts', part of the Axios Request Flow. The issue allows remote attackers to manipulate the 'assetPath' argument, leading to unauthorized outbound requests from the server to an attacker-specified destination.
Exploitation of this vulnerability allows for server-side request forgery, where the server makes requests to internal or external resources on behalf of the attacker. This could be used to probe internal services or access sensitive information.
To reproduce this vulnerability, invoke the 'getAssetMetadata' method through the MCP tool or a JSON-RPC client, using a crafted 'assetPath' that points to an internal or external resource. The server will then make a request to the specified assetPath, demonstrating the SSRF vulnerability.
It is recommended to validate the 'assetPath' argument to ensure it starts with an approved AEM asset root, such as '/content/dam/'. Additionally, all outbound request paths should be resolved relative to the configured AEM base URL, rejecting absolute or protocol-relative URLs. After applying these changes, regression tests should be added to ensure the vulnerability is addressed.
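As an added example (not code from the aem-mcp-server project), the following TypeScript shows one way to implement the checks recommended above: decode the caller-supplied 'assetPath' once, reject schemes and protocol-relative forms, collapse dot segments, require the result to sit under '/content/dam/', and only then resolve it against the configured AEM base URL while confirming the origin did not change. The function names, the 'ASSET_ROOT' constant and the base URL are assumptions; the metadata selector or suffix the project appends to the path is left to the caller.

```typescript
// Added example, not the project's own code: a guard for the user-controlled
// assetPath that getAssetMetadata receives, plus a helper that resolves it
// against the configured AEM base URL. Names are illustrative assumptions.

const ASSET_ROOT = "/content/dam/"; // approved asset root named in the advice above

class InvalidAssetPathError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "InvalidAssetPathError";
  }
}

// Returns a normalised path that is guaranteed to sit under ASSET_ROOT, or throws.
function validateAssetPath(assetPath: string): string {
  if (typeof assetPath !== "string" || assetPath.length === 0) {
    throw new InvalidAssetPathError("assetPath must be a non-empty string");
  }

  // Decode once before any check so that percent-encoded slashes or dots
  // ("%2F%2F", "%2e%2e") are judged in their decoded form.
  let decoded: string;
  try {
    decoded = decodeURIComponent(assetPath);
  } catch (e) {
    throw new InvalidAssetPathError("assetPath is not valid percent-encoding");
  }

  // A scheme prefix ("http:", "file:", ...) or a protocol-relative prefix
  // ("//host") would let new URL() change the destination host.
  if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(decoded) || decoded.startsWith("//")) {
    throw new InvalidAssetPathError("absolute and protocol-relative URLs are not allowed");
  }

  // Backslashes are treated as slashes by the WHATWG URL parser, and '?' / '#'
  // would turn the tail of the path into a query or fragment.
  if (/[\\?#\x00-\x1f\x7f]/.test(decoded)) {
    throw new InvalidAssetPathError("assetPath contains a forbidden character");
  }

  // Collapse "." and ".." segments so that "/content/dam/../../secret" cannot
  // pass a naive startsWith() check.
  const segments: string[] = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { segments.pop(); continue; }
    segments.push(seg);
  }
  const normalised = "/" + segments.join("/");

  // Segment-aware prefix test: "/content/dam" itself passes, "/content/damage" does not.
  if (!(normalised + "/").startsWith(ASSET_ROOT)) {
    throw new InvalidAssetPathError(`assetPath must be under ${ASSET_ROOT}`);
  }
  return normalised;
}

// Resolves a validated asset path against the configured AEM base URL and
// confirms the resulting origin is unchanged. The metadata selector or suffix
// the project appends is left to the caller.
function buildAssetUrl(aemBaseUrl: string, assetPath: string): string {
  const base = new URL(aemBaseUrl); // assumed to come from configuration
  const target = new URL(validateAssetPath(assetPath), base);
  if (target.origin !== base.origin) {
    throw new InvalidAssetPathError("resolved URL left the configured AEM origin");
  }
  return target.toString();
}
```

The origin comparison in 'buildAssetUrl' is deliberately redundant with the path checks: if a future change relaxes 'validateAssetPath', the outbound request still cannot leave the configured AEM host. Regression tests, as the advice above suggests, should cover the rejected forms (absolute URL, protocol-relative URL, encoded and plain dot-segment traversal, sibling prefixes such as '/content/damage') alongside the accepted ones.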