DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-G5R6-GV6M-F5JV: GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

Vulnerability ID: GHSA-G5R6-GV6M-F5JV
CVSS Score: 7.7
Published: 2026-07-10

A directory traversal vulnerability exists in the mcp-atlassian integration server prior to version 0.22.0. The confluence_upload_attachment tool fails to restrict the paths of uploaded files, allowing authenticated users or external prompt injection payloads to retrieve and exfiltrate arbitrary files from the server's filesystem into Confluence.

TL;DR

mcp-atlassian prior to 0.22.0 is vulnerable to directory traversal via the confluence_upload_attachment tool, allowing arbitrary local file exfiltration to Confluence. This can be exploited remotely via indirect prompt injection.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • Attack Vector: Network
  • CVSS Score: 7.7 (High)
  • Exploit Status: PoC Available
  • Affected Component: confluence_upload_attachment tool
  • Fixed Version: 0.22.0

Affected Systems

  • mcp-atlassian integration servers
  • mcp-atlassian: < 0.22.0 (Fixed in: 0.22.0)

Exploit Details

  • Advisory PoC: Verification details and exploitation concepts for the directory traversal flaw.

Mitigation Strategies

  • Upgrade mcp-atlassian to version 0.22.0 or higher.
  • Run the MCP server from an isolated, empty directory.
  • Limit the OS-level file permissions of the process runner.

Remediation Steps:

  1. Run pip install --upgrade mcp-atlassian.
  2. Verify installation of version 0.22.0.
  3. Ensure that no sensitive files exist within the current working directory from which the server is run.

References


Read the full report for GHSA-G5R6-GV6M-F5JV on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)