ShadowCloneLabs GlutamateMCPServers Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in ShadowCloneLabs GlutamateMCPServers versions prior to commit e2de73280b01e5d943593dd1aa2c01c5b9112f78. The vulnerability exists in the puppeteer_navigate component, specifically within the file src/puppeteer/index.ts. The puppeteer_navigate tool accepts a user-supplied URL argument and passes it directly to the page.goto function without validation or allowlisting. An attacker with network access to the MCP/HTTP interface can therefore control the URL and have the headless browser navigate to arbitrary destinations. Exploitation could reach internal services, cloud metadata endpoints, or other restricted resources, potentially leading to unauthorized information disclosure and further compromise, depending on the environment.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources on their behalf. This could result in accessing sensitive data from internal services or cloud metadata, and depending on the response, could lead to further exploitation or compromise of the server or application.
Reproduction
To reproduce this vulnerability, send a request to the MCP/HTTP interface of the affected GlutamateMCPServers deployment. Use the 'puppeteer_navigate' tool and provide a URL that points to a service you want to access through the server. The request will be processed by the vulnerable 'puppeteer_navigate' component, which will navigate to the specified URL without any validation. You can verify the exploitation by checking if the request to the URL was successfully made and if any sensitive information was returned.
Remediation
No specific remediation is known at this time, but it is recommended to update to a version that includes the patch for this vulnerability.
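One way to validate a URL before it is handed to page.goto, shown as an added example rather than the project's patch or code. The names checkNavigationUrl and ALLOWED_HOSTS and the allowlisted hosts are assumptions made for illustration.

```typescript
// Added example; checkNavigationUrl, ALLOWED_HOSTS and its entries are assumptions.
const ALLOWED_HOSTS = new Set(["example.com", "docs.example.com"]); // constructed

type Verdict = { ok: true; url: string } | { ok: false; reason: string };

// IPv4 ranges the browser must never be sent to, as [network, prefix length].
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], // link-local, where cloud metadata services live
  ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function ipv4ToInt(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isBlockedV4(ip: number): boolean {
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    const net32 = ipv4ToInt(net)!;
    return ((ip & mask) >>> 0) === ((net32 & mask) >>> 0);
  });
}

function checkNavigationUrl(raw: string): Verdict {
  let u: URL;
  try { u = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:")
    return { ok: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  // The WHATWG parser rewrites hex, octal and decimal IPv4 forms to dotted
  // decimal, so the checks run on the parsed hostname, never on the raw string.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[")) return { ok: false, reason: "IPv6 literal not allowed" };
  const ip = ipv4ToInt(host);
  if (ip !== null && isBlockedV4(ip)) return { ok: false, reason: "internal address" };
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: "host not on allowlist" };
  return { ok: true, url: u.href }; // pass this normalized value to page.goto
}
```

This checks only the URL string given to the tool; redirects and DNS names that resolve to internal addresses need a second control, such as re-checking each request through Puppeteer's request interception or restricting the browser's egress at the network layer.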
