{"uuid": "266111ea-9831-42b8-b90a-5952e25694b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-G5R6-GV6M-F5JV", "type": "seen", "source": "https://gist.github.com/alon710/1f4d78a54bd12c1ceab970579e216233", "content": "# GHSA-G5R6-GV6M-F5JV: GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation\n\n&gt; **CVSS Score:** 7.7\n&gt; **Published:** 2026-07-10\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-G5R6-GV6M-F5JV\n\n## Summary\nA directory traversal vulnerability exists in the mcp-atlassian integration server prior to version 0.22.0. The confluence_upload_attachment tool fails to restrict the paths of uploaded files, allowing authenticated users or external prompt injection payloads to retrieve and exfiltrate arbitrary files from the server's filesystem into Confluence.\n\n## TL;DR\nmcp-atlassian prior to 0.22.0 is vulnerable to directory traversal via the confluence_upload_attachment tool, allowing arbitrary local file exfiltration to Confluence. This can be exploited remotely via indirect prompt injection.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22\n- **Attack Vector**: Network\n- **CVSS Score**: 7.7 (High)\n- **Exploit Status**: PoC Available\n- **Affected Component**: confluence_upload_attachment tool\n- **Fixed Version**: 0.22.0\n\n## Affected Systems\n\n- mcp-atlassian integration servers\n- **mcp-atlassian**: &lt; 0.22.0 (Fixed in: `0.22.0`)\n\n## Mitigation\n\n- Upgrade mcp-atlassian to version 0.22.0 or higher.\n- Run the MCP server from an isolated, empty directory.\n- Limit the OS-level file permissions of the process runner.\n\n**Remediation Steps:**\n1. Run pip install --upgrade mcp-atlassian.\n2. Verify installation of version 0.22.0.\n3. Ensure that no sensitive files exist within the current working directory from which the server is run.\n\n## References\n\n- [GitHub Security Advisory](https://github.com/advisories/GHSA-G5R6-GV6M-F5JV)\n- [mcp-atlassian GitHub Repository](https://github.com/sooperset/mcp-atlassian)\n- [Vulnerable Source File](https://raw.githubusercontent.com/sooperset/mcp-atlassian/v0.21.1/src/mcp_atlassian/confluence/attachments.py)\n- [Patched Source File](https://raw.githubusercontent.com/sooperset/mcp-atlassian/v0.22.0/src/mcp_atlassian/confluence/attachments.py)\n- [Validation Source File](https://raw.githubusercontent.com/sooperset/mcp-atlassian/v0.22.0/src/mcp_atlassian/utils/io.py)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-G5R6-GV6M-F5JV) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T00:42:57.861988Z"}