Wonderwhy-er DesktopCommanderMCP Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Wonderwhy-er DesktopCommanderMCP version 0.2.37. The issue arises in the 'readFileFromUrl' function within 'src/tools/filesystem.ts', where user-supplied URLs are passed directly to 'fetch()' without validation of the scheme, host or redirect target. This flaw allows remote attackers to control the URL argument and make the server perform unauthorized requests to internal services or cloud metadata endpoints, potentially leading to data exfiltration.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal resources or external services on behalf of the server, bypassing network restrictions and potentially accessing sensitive data or services.

Reproduction

To reproduce this vulnerability, use an AI agent integrated with DesktopCommanderMCP and instruct it to invoke the 'read_file' tool with a URL that targets an internal resource, such as a cloud metadata endpoint or an internal API. The server processes the request and performs the fetch without any validation, returning the contents of the internal resource.

Remediation

Users are advised to update to the patched version of DesktopCommanderMCP, which validates URLs before fetching them and prevents the server from following redirects into internal address space.
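The remediation above describes two controls: validating the URL before it reaches 'fetch()', and refusing to follow redirects blindly. The TypeScript below is an added illustration of that pattern and is not DesktopCommanderMCP's own code or its patch; the function names 'checkUrlSyntax', 'checkUrl' and 'safeFetch', the blocked-range list, and the injectable resolver are assumptions made for this example. It rejects non-HTTP schemes, literal loopback, private, link-local and cloud-metadata addresses (including IPv4-mapped IPv6 and decimal-integer hosts, which the WHATWG URL parser normalizes to dotted form), resolves hostnames so that a public name pointing at an internal address is also refused, and re-validates every redirect target instead of letting 'fetch()' follow it.

```typescript
// Added example (not DesktopCommanderMCP's code): validate a user-supplied URL
// before handing it to fetch(), and re-check each redirect hop manually.
import { isIP } from "node:net";
import { lookup } from "node:dns/promises";

interface UrlCheck { ok: boolean; reason?: string }

// Ranges a server-side fetch should never reach on behalf of a remote caller.
function isBlockedIPv4(ip: string): boolean {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some(n => Number.isNaN(n))) return true; // fail closed
  const [a, b] = p;
  return (
    a === 0 || a === 10 || a === 127 ||      // "this" net, 10/8, loopback
    (a === 169 && b === 254) ||              // link-local incl. 169.254.169.254 metadata
    (a === 172 && b >= 16 && b <= 31) ||     // 172.16/12
    (a === 192 && b === 168) ||              // 192.168/16
    (a === 100 && b >= 64 && b <= 127) ||    // CGNAT 100.64/10
    a >= 224                                 // multicast / reserved
  );
}

function isBlockedIPv6(ip: string): boolean {
  const lower = ip.toLowerCase();
  if (lower === "::1" || lower === "::") return true;                 // loopback / unspecified
  if (lower.startsWith("fe80:") || /^f[cd]/.test(lower)) return true; // link-local, ULA
  const mapped = lower.match(/^::ffff:(.+)$/);                         // IPv4-mapped
  if (mapped) {
    const rest = mapped[1];
    if (rest.includes(".")) return isBlockedIPv4(rest);
    const hex = rest.match(/^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
    if (!hex) return true;
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isBlockedIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

function isBlockedAddress(ip: string): boolean {
  const v = isIP(ip);
  if (v === 4) return isBlockedIPv4(ip);
  if (v === 6) return isBlockedIPv6(ip);
  return true; // not an IP literal at all: fail closed
}

function hostOf(raw: string): string {
  return new URL(raw).hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
}

// Offline check on the URL string alone: scheme, credentials, literal hosts.
function checkUrlSyntax(raw: string): UrlCheck {
  let u: URL;
  try { u = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { ok: false, reason: `scheme ${u.protocol} not allowed` };
  }
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  const host = hostOf(raw);
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "localhost" };
  if (host === "metadata.google.internal") return { ok: false, reason: "metadata hostname" };
  if (isIP(host) && isBlockedAddress(host)) return { ok: false, reason: `blocked address ${host}` };
  return { ok: true };
}

// Syntax check plus DNS resolution, so a public name that resolves to an
// internal address is rejected too. The resolver is injectable for offline tests.
async function checkUrl(
  raw: string,
  resolve: (h: string) => Promise<string[]> =
    async h => (await lookup(h, { all: true })).map(r => r.address),
): Promise<UrlCheck> {
  const syn = checkUrlSyntax(raw);
  if (!syn.ok) return syn;
  const host = hostOf(raw);
  if (isIP(host)) return syn; // literal already checked above
  let addrs: string[];
  try { addrs = await resolve(host); } catch { return { ok: false, reason: "DNS resolution failed" }; }
  const bad = addrs.find(isBlockedAddress);
  return bad ? { ok: false, reason: `${host} resolves to blocked address ${bad}` } : { ok: true };
}

// Fetch with redirect: "manual" and validate every hop, so a 3xx from an
// allowed host cannot steer the request into internal address space.
async function safeFetch(raw: string, maxRedirects = 3) {
  let current = raw;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const chk = await checkUrl(current);
    if (!chk.ok) throw new Error(`refusing to fetch ${current}: ${chk.reason}`);
    const res = await fetch(current, { redirect: "manual" });
    const loc = res.headers.get("location");
    if (res.status >= 300 && res.status < 400 && loc) {
      current = new URL(loc, current).toString(); // re-validated on next iteration
      continue;
    }
    return res;
  }
  throw new Error("too many redirects");
}
```

The resolve-then-fetch sequence still leaves a DNS rebinding window between the check and the connection; a production version should connect to the address it validated (for example through a custom agent that pins the resolved IP) rather than letting 'fetch()' resolve the name a second time.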

Added: Jun 3, 2026, 12:23 AM
Updated: Jun 3, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.2
remediation: 0.0
relevance: 9.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.