ZachHandley ZMCPTools Path Traversal Vulnerability in MCP Log Resource Handler

Vulnerability

A path traversal vulnerability has been identified in ZachHandley ZMCPTools versions through 0.2.2. The issue resides in the MCP Log Resource Handler, specifically within the file 'src/managers/ResourceManager.ts'. The vulnerability allows remote exploitation by manipulating the 'dirname' argument, which leads to unauthorized access to the filesystem. An attacker can exploit this flaw to read arbitrary local files accessible to the server process, such as '/etc/hosts'.

Impact

Exploitation of this vulnerability allows for arbitrary local file reading, with the potential to access sensitive files like the '/etc/hosts' file.

Reproduction

The vulnerability can be reproduced by sending a 'resources/read' request through the MCP interface, using a crafted 'logs://{dirname}/content?file=(unknown)' URI that includes '../' sequences in the 'dirname' parameter. This request can be made using the MCP SDK by connecting to the ZMCPTools server and invoking the 'readResource' method with the malicious URI.

Remediation

Users are advised to restrict access to the MCP resource interface to trusted users only. Additionally, the 'logs://*/content' and 'logs://*/files' resource handlers should be disabled or removed until the path validation issue is resolved. Once a patch is available, it is recommended to publish a security advisory.
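The root cause described above is a log path built from the caller-supplied 'dirname' segment without a containment check. The following is an added illustration, not code from ZMCPTools or its ResourceManager: a naive path builder beside a hardened one. The log root '/var/app/logs' and the function names are assumptions.

```typescript
// Added illustration, not ZMCPTools' own code: a naive log-path builder beside a
// hardened one, showing why "../" in the dirname segment of logs://{dirname}/content
// escapes the log root and how segment validation plus containment checking stops it.
import * as path from "path";

// Assumed log root (hypothetical; the real location is not given on the page).
const LOG_ROOT = "/var/app/logs";

// Naive version: joins attacker-controlled segments straight onto the root.
// "../../../etc" in dirname walks out of LOG_ROOT, so "hosts" reads /etc/hosts.
function naiveLogPath(dirname: string, file: string): string {
  return path.posix.join(LOG_ROOT, dirname, file);
}

// Hardened version: decode each URI segment, accept only a single plain path
// component, then confirm the resolved path is still strictly beneath LOG_ROOT.
function safeLogPath(dirname: string, file: string): string | null {
  const segment = /^[A-Za-z0-9._-]+$/;
  let dir: string;
  let name: string;
  try {
    dir = decodeURIComponent(dirname);
    name = decodeURIComponent(file);
  } catch {
    return null; // malformed percent-encoding
  }
  // The regex permits dots, so "." and ".." are excluded explicitly.
  for (const s of [dir, name]) {
    if (!segment.test(s) || s === "." || s === "..") return null;
  }
  const root = path.posix.resolve(LOG_ROOT);
  const resolved = path.posix.resolve(root, dir, name);
  // Defence in depth: even if validation above were loosened later, anything
  // that resolves outside the root is rejected here.
  const rel = path.posix.relative(root, resolved);
  if (rel === "" || rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel)) {
    return null;
  }
  return resolved;
}

// Constructed sample requests: one legitimate, one traversal attempt.
const LEGIT_PATH = naiveLogPath("agent-1", "run.log");          // /var/app/logs/agent-1/run.log
const TRAVERSAL_NAIVE = naiveLogPath("../../../etc", "hosts");  // /etc/hosts
const TRAVERSAL_SAFE = safeLogPath("../../../etc", "hosts");    // null
```

The same check rejects percent-encoded variants such as '..%2F..%2F..%2Fetc', because decoding happens before the single-component test.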

Added: Apr 30, 2026, 12:20 AM
Updated: Apr 30, 2026, 12:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 8.7
remediation: 0.0
relevance: 7.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.