{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mcphub/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["@samanhappy/mcphub ( \u003c 0.12.13)"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","mcphub"],"_cs_type":"advisory","_cs_vendors":["samanhappy"],"content_html":"\u003cp\u003eMCPHub is vulnerable to a path traversal vulnerability affecting versions prior to 0.12.13. The vulnerability exists in the MCPB file upload handler, which extracts a ZIP file and reads the \u003ccode\u003emanifest.json\u003c/code\u003e file. The \u003ccode\u003ename\u003c/code\u003e field from the manifest is directly concatenated into the file path without any sanitization or path traversal character validation. This allows an attacker to craft a malicious MCPB file with a \u003ccode\u003emanifest.name\u003c/code\u003e containing directory traversal sequences (e.g., \u003ccode\u003e../../../etc/malicious\u003c/code\u003e), leading to arbitrary file extraction and potential directory deletion via the \u003ccode\u003ecleanupOldMcpbServer\u003c/code\u003e function. This vulnerability poses a significant risk to systems running vulnerable versions of MCPHub, potentially allowing attackers to overwrite critical system files or execute arbitrary code.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious MCPB file.\u003c/li\u003e\n\u003cli\u003eThe malicious MCPB file contains a \u003ccode\u003emanifest.json\u003c/code\u003e file with a \u003ccode\u003ename\u003c/code\u003e field set to a path traversal string (e.g., \u003ccode\u003e../../../tmp/evil\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious MCPB file to the \u003ccode\u003e/mcpb/upload\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003euploadMcpbFile\u003c/code\u003e function extracts the uploaded MCPB file to a temporary directory.\u003c/li\u003e\n\u003cli\u003eThe function reads and parses the \u003ccode\u003emanifest.json\u003c/code\u003e file from the temporary directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emanifest.name\u003c/code\u003e value (containing the path traversal string) is used to construct the final extraction directory path using \u003ccode\u003epath.join\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server attempts to create the directory specified by the crafted path and moves the extracted files to this location. Due to the path traversal, the files are written outside the intended directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecleanupOldMcpbServer\u003c/code\u003e function may be triggered, attempting to delete directories based on the unsanitized name, though constrained to the upload directory.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows an attacker to write files to arbitrary locations on the server\u0026rsquo;s file system. This could lead to overwriting critical system files, injecting malicious code into existing applications, or gaining unauthorized access to sensitive data. The exact impact depends on the permissions of the user running the MCPHub application and the contents of the files being written. If the attacker can overwrite executable files or configuration files, they could achieve arbitrary code execution and full system compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the remediation recommendations from the original advisory: Use \u003ccode\u003epath.basename()\u003c/code\u003e to strip directory components from \u003ccode\u003emanifest.name\u003c/code\u003e, and enforce a strict character whitelist before use.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect MCPHub Path Traversal Attempt via Manifest Name\u0026rdquo; to identify attempts to exploit this vulnerability by monitoring for specific path traversal sequences in the manifest name (see Sigma rule).\u003c/li\u003e\n\u003cli\u003eUpgrade MCPHub to version 0.12.13 or later to patch this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-mcphub-path-traversal/","summary":"MCPHub is vulnerable to path traversal, where a malicious MCPB file with a crafted manifest.name can cause files to be extracted to arbitrary locations due to missing sanitization in the upload handler.","title":"MCPHub Path Traversal Vulnerability via Malicious MCPB Manifest Name","url":"https://feed.craftedsignal.io/briefs/2024-01-mcphub-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Mcphub","version":"https://jsonfeed.org/version/1.1"}