pixelsock directus-mcp Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in pixelsock directus-mcp version 1.0.0. The issue arises in the MCP Interface component, specifically within the validateUrl function of index.ts. The vulnerability allows an attacker to manipulate the fileUrl argument, leading to unauthorized outbound HTTP requests from the server to internal or external destinations. This could result in information disclosure or further exploitation. The vulnerability can be exploited remotely, and a proof-of-concept has been made public. A pull request to address this issue is pending acceptance.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the MCP server is induced to make arbitrary HTTP requests to loopback, internal, or attacker-controlled destinations. This could lead to unauthorized access to internal resources or information disclosure, depending on the behavior of the targeted endpoints.

Reproduction

To reproduce this vulnerability, upload a file using the MCP 'uploadFile' tool, specifying a 'fileUrl' that points to a controlled HTTP listener. The server will fetch the file from the specified URL, demonstrating the SSRF vulnerability by accessing an internal or loopback resource.

Remediation

A pull request to patch this vulnerability and upgrade affected dependencies is available but not yet merged.

Added: May 4, 2026, 5:19 AM
Updated: May 4, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  8.0
remediation     0.0
relevance       7.4
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.