Puchunjie Doc-Tools-MCP Path Traversal Vulnerability Allowing Arbitrary File Read and Write
Vulnerability
A path traversal vulnerability has been identified in Puchunjie Doc-Tools-MCP version 1.0.18. This vulnerability affects the MCP interface, specifically the 'create_document' and 'open_document' functions. The issue arises because the 'filePath' argument is not properly validated before being passed to file system operations. As a result, an attacker can manipulate the 'filePath' to read from or write to arbitrary locations on the server's file system, particularly targeting Word documents (.docx files). This vulnerability can be exploited remotely, leading to unauthorized data access, integrity issues, and potential disruption of service.
Impact
Exploitation of this vulnerability allows for arbitrary file read and write operations. An attacker could overwrite important files, consume disk space, or read sensitive Word documents from any location accessible to the server process.
Reproduction
To reproduce this vulnerability, upload a Word document to a location accessible by the server process. Then, use the 'create_document' MCP tool to write a file to the same location by setting the 'filePath' argument to the target path. After confirming the file has been created, use the 'open_document' tool with the same 'filePath' to read the document's content, demonstrating the vulnerability's impact.
Remediation
Users are advised to avoid exposing the MCP server to untrusted clients until a fix is available. Access to document read and write tools should be restricted to trusted local users. The MCP server can be run with a low-privilege OS account and in a restricted working directory to mitigate risks.
