imprvhub mcp-browser-agent Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in imprvhub mcp-browser-agent versions prior to 0.8.0. The issue arises in the CallToolRequestSchema function within src/handlers.ts, where the URL Parameter Handler component improperly validates request parameters. This flaw allows remote attackers to manipulate URL parameters, directing the server to make requests to arbitrary locations. Successful exploitation could expose internal systems, exfiltrate sensitive data, or bypass network restrictions.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where the server is tricked into making requests to internal or external resources. This could lead to accessing sensitive information, interacting with internal services, or bypassing network security measures.
Reproduction
To reproduce this vulnerability, send a request to the MCP interface of the affected deployment, using the 'tools/call' method. Include 'browser_navigate' as the tool name and a crafted URL as the argument. The server will navigate to the supplied URL, demonstrating the lack of SSRF protections.
Remediation
Implement a strict URL validation policy at the MCP endpoint, blocking or validating URL parameters before they are processed. Additionally, requiring authentication and authorization for MCP tools, along with auditing and rate-limiting sensitive operations, can help mitigate the risk.
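One way to apply the URL validation policy recommended above, as an added example that is not code from mcp-browser-agent: a check run on the 'browser_navigate' argument before any navigation happens. The names `checkNavigateUrl` and `ALLOWED_HOSTS` and the example.com hosts are hypothetical; the check covers the URL string only, so redirects and the addresses a name resolves to need the same policy at connection time.

```typescript
// Added example: hypothetical pre-navigation check, not the project's own code.
type Verdict = { ok: boolean; reason: string };

// Constructed allowlist; a real deployment would load this from configuration.
const ALLOWED_HOSTS = new Set(["docs.example.com", "status.example.com"]);

// IPv4 ranges (loopback, private, link-local, CGNAT) reported separately in the audit reason.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted-quad to integer, or null when the host is not an IPv4 literal.
function v4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

function inBlockedV4(ip: number): boolean {
  return BLOCKED_V4.some(([base, bits]) => {
    const start = v4ToInt(base)!;
    return ip >= start && ip < start + 2 ** (32 - bits);
  });
}

// Returns a verdict plus a reason string suitable for an audit log entry.
function checkNavigateUrl(raw: string): Verdict {
  let url: URL;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return { ok: false, reason: "scheme not allowed" };
  if (url.username || url.password) return { ok: false, reason: "embedded credentials" };
  // The URL parser has already normalised alternative IPv4 spellings to dotted-quad.
  const host = url.hostname.toLowerCase();
  if (host.startsWith("[")) return { ok: false, reason: "IPv6 literal" };
  const ip = v4ToInt(host);
  if (ip !== null) return { ok: false, reason: inBlockedV4(ip) ? "internal IPv4 range" : "IP literal not allowlisted" };
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: "host not allowlisted" };
  return { ok: true, reason: "allowlisted host" };
}

// Constructed sample inputs.
for (const u of ["https://docs.example.com/guide", "http://127.0.0.1:8080/", "file:///etc/hosts"]) {
  console.log(u, checkNavigateUrl(u));
}
```

Run the check inside the tool handler and refuse the call when `ok` is false, logging `reason` alongside the caller identity.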
