ChrisChinchilla Vale-MCP Command Injection Vulnerability in HTTP Interface
Vulnerability
A command injection vulnerability has been identified in ChrisChinchilla Vale-MCP versions through 0.1.0. The issue resides in the HTTP interface, specifically within the 'src/index.ts' file. The vulnerability allows an attacker to inject malicious commands via the 'config_path' argument, which are then executed on the server's operating system. This exploitation occurs locally and has been made public.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server, with the potential for full host compromise. Such actions could lead to unauthorized data access, alteration of server states, and disruption of services.
Reproduction
To reproduce this vulnerability, send a request to the MCP/HTTP interface that includes a crafted 'config_path' argument. The injected command will be executed on the server, as demonstrated by the creation of a file named 'poc.txt' after exploitation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.