Geldata Gel-MCP Path Traversal Vulnerability in fetch_rule Function

A path traversal vulnerability has been identified in Geldata's Gel-MCP version 0.1.0. The issue arises in the fetch_rule function within src/gel_mcp/server.py, where the rule_name argument is not properly validated. This flaw allows remote attackers to manipulate the input and access files outside the intended directory, leading to arbitrary file read. The vulnerability has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability allows for arbitrary file read, with the potential to access sensitive information from the server's file system.

Reproduction

To reproduce this vulnerability, invoke the fetch_rule tool with a crafted rule_name argument that includes traversal sequences, such as ../../../../../pyproject.toml. The server will resolve the path, escaping the intended directory and returning the contents of the specified file instead of a bundled Gel rule.

Remediation

Do not expose the fetch_rule tool to untrusted callers until the path validation issue is resolved. Consider serving only names returned by the list_rules() function and rejecting any input that contains path separators or traversal tokens. Additionally, run the service with limited file system privileges to prevent broad access to non-rule files.