mcp-memory-service Wildcard CORS Misconfiguration Allows Cross-Origin Memory Access

Vulnerability

A vulnerability in mcp-memory-service prior to version 10.25.1 allows cross-origin memory access because of a wildcard CORS configuration (Access-Control-Allow-Origin set to '*', so every origin is accepted). When the HTTP server is enabled and anonymous access is allowed, any website can read, modify, and delete memories stored in the service. The issue arises from the default CORS settings, which permit all origins to access the API, combined with the lack of authentication for anonymous users: the browser lets the cross-origin script read the response, and the server asks for no credential before serving it.

Impact

Exploitation of this vulnerability allows any website to access, modify, or delete all stored memories in the mcp-memory-service. The attack can be conducted remotely, from anywhere on the internet, by luring a victim to visit a malicious website. Because the requests are issued by the victim's browser, the service only needs to be reachable from that browser (for example, on the victim's own machine or local network), not from the attacker's network. Additionally, if the API key is included as a query parameter, it can be exposed through browser history and server logs.

Reproduction

To reproduce this vulnerability, enable the HTTP server in mcp-memory-service and allow anonymous access. Once the service is running, visit a web page on any other origin whose JavaScript sends a fetch request to the mcp-memory-service memories endpoint. Because the server answers with a wildcard CORS header and requires no authentication, the response, containing all stored memories, is readable by the page's script, and the same script can then modify or delete memories through the corresponding API endpoints.
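The interaction of the two conditions above (wildcard CORS and anonymous access) can be seen in a small simulation. This is an added example, not code from mcp-memory-service: the config fields, the endpoint handler, the sample memories and the origins are constructed for illustration, and `browser_can_read` models the browser's CORS decision for a simple GET.

```python
"""Simulate how a wildcard CORS policy plus anonymous access exposes an
API to any web origin, and how either fix closes the browser path.
Added example; config fields, endpoint and data are constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for the service's stored memories.
MEMORIES = [{"id": 1, "content": "deploy key rotated on Monday"}]


@dataclass
class ServerConfig:
    cors_origins: list          # ["*"] is the weak (wildcard) setting
    allow_anonymous: bool
    api_key: Optional[str] = None


def cors_headers(cfg: ServerConfig, origin: str) -> dict:
    """CORS response headers for a request carrying the given Origin."""
    if "*" in cfg.cors_origins:
        return {"Access-Control-Allow-Origin": "*"}
    if origin in cfg.cors_origins:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}  # no header at all: the browser hides the response


def get_memories(cfg: ServerConfig, origin: str, api_key: Optional[str] = None):
    """Server side of GET /memories: authenticate, then attach CORS headers."""
    if not cfg.allow_anonymous and api_key != cfg.api_key:
        return 401, cors_headers(cfg, origin), None
    return 200, cors_headers(cfg, origin), MEMORIES


def browser_can_read(origin: str, status: int, headers: dict) -> bool:
    """Browser-side check: a script on `origin` may read the response only
    if the server allowed exactly that origin or '*' (credential-less)."""
    acao = headers.get("Access-Control-Allow-Origin")
    return status == 200 and acao in ("*", origin)


# Weak settings described in the advisory next to a hardened configuration.
WEAK = ServerConfig(cors_origins=["*"], allow_anonymous=True)
HARDENED = ServerConfig(cors_origins=["http://localhost:8000"],
                        allow_anonymous=False, api_key="example-key")


def cross_origin_exposed(cfg: ServerConfig, probe="https://untrusted.example") -> bool:
    """True if a page on an unrelated origin could read all memories."""
    status, headers, _ = get_memories(cfg, probe)
    return browser_can_read(probe, status, headers)
```

Run `cross_origin_exposed(WEAK)` and `cross_origin_exposed(HARDENED)` to compare; a config that fixes only one of the two conditions also returns False, since the browser blocks the read or the server refuses the unauthenticated request.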

Remediation

Update mcp-memory-service to version 10.25.1 or later. If using a version prior to 10.25.1, manually configure the CORS settings to restrict access to specific origins, such as 'http://localhost:8000', rather than the wildcard. Since the issue only applies while anonymous access is allowed, requiring an API key also closes the cross-origin path; send the key in a header rather than as a query parameter so it does not land in browser history or server logs.

Added: Mar 20, 2026, 7:21 PM
Updated: Mar 20, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.4
exploitability: 8.0
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.