ef10007 MLOps_MCP Path Traversal Vulnerability in save_file Tool

Vulnerability

A path traversal vulnerability has been identified in ef10007 MLOps_MCP version 1.0.0. The issue is in the save_file tool in the file fastmcp_server.py. By manipulating the filename and destination arguments, an attacker can write arbitrary files outside the intended project workspace. The flaw can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows arbitrary file writing outside the project's designated workspace. This could disrupt normal operations by, for example, overwriting important files or filling up storage.

Reproduction

To reproduce this vulnerability, invoke the save_file tool with an absolute destination path or a relative path that includes traversal sequences, such as '../../..'. The tool will write the specified file outside the intended workspace, demonstrating the path traversal flaw.

Remediation

It is recommended to reject absolute paths and traversal sequences in the destination argument. Additionally, constrain file saving to a specific allowlisted directory. Running the MCP server under a low-privilege account with limited write access can also help mitigate the risk.
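
The checks recommended above can be sketched as follows. This is an added example, not code from MLOps_MCP or its fastmcp_server.py; the function names, the exception class and the workspace parameter are hypothetical, and only the filename and destination argument names come from the advisory.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafePathError(ValueError):
    """The requested save location would leave the workspace."""


def resolve_in_workspace(workspace, destination, filename):
    """Return the resolved target path, or raise UnsafePathError."""
    # `workspace` is the single allowlisted directory (assumed to exist).
    root = Path(workspace).resolve(strict=True)

    for label, value in (("destination", destination), ("filename", filename)):
        if "\x00" in value:
            raise UnsafePathError(f"{label}: NUL byte")
        # Absolute in POSIX or Windows syntax (leading slash, drive, UNC).
        if (PurePosixPath(value).is_absolute()
                or PureWindowsPath(value).is_absolute()
                or value.startswith("\\")):
            raise UnsafePathError(f"{label}: absolute path")
        # Treat both separators alike so "..\\.." is caught on any OS.
        if ".." in value.replace("\\", "/").split("/"):
            raise UnsafePathError(f"{label}: traversal sequence")

    # The filename must be one path component, not a nested path.
    if filename in ("", ".") or "/" in filename or "\\" in filename:
        raise UnsafePathError("filename: must be a single component")

    # resolve() follows symlinks, so a link inside the workspace that
    # points outside it fails the containment check below.
    target = (root / destination / filename).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise UnsafePathError("resolved path is outside the workspace") from None
    return target


def save_file_safe(workspace, destination, filename, data: bytes) -> Path:
    """Write `data` only if the target stays inside `workspace`."""
    target = resolve_in_workspace(workspace, destination, filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    # "xb" refuses to overwrite an existing file (a choice made in this example).
    with open(target, "xb") as fh:
        fh.write(data)
    return target
```

The containment check runs before the write, so a symlink created between the check and the open is not covered; running the server under a low-privilege account, as recommended above, limits what such a race could reach.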

Added: Apr 28, 2026, 2:19 AM
Updated: Apr 28, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 8.7
remediation: 0.0
relevance: 6.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.