DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-WM45-QH3G-V83F: GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

Vulnerability ID: GHSA-WM45-QH3G-V83F
CVSS Score: 7.7
Published: 2026-07-10

An arbitrary server-side file read vulnerability exists in the mcp-atlassian integration server. Remote clients utilizing SSE or HTTP transports can exploit the lack of directory containment on attachment-upload tools to resolve and read arbitrary host files, exfiltrating them directly to Atlassian Jira or Confluence.

TL;DR

Remote clients can read and exfiltrate arbitrary files from the host server (such as system configurations and API keys) by exploiting a directory traversal vulnerability in mcp-atlassian before 0.22.0.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • Attack Vector: Network
  • CVSS v3.1: 7.7 (High)
  • Impact: Arbitrary File Read / Data Exfiltration
  • Exploit Status: PoC Available
  • CISA KEV Status: Not Listed

Affected Systems

  • mcp-atlassian PyPI package deployed over remote network transports (HTTP/SSE)
  • mcp-atlassian: < 0.22.0 (Fixed in: 0.22.0)

Mitigation Strategies

  • Upgrade to mcp-atlassian version 0.22.0 or later
  • Restrict the MCP server's network bindings to 127.0.0.1
  • Run the MCP server in a containerized environment with a non-root user and minimal read privileges

Remediation Steps:

  1. Identify deployments running mcp-atlassian versions prior to 0.22.0
  2. Update the PyPI dependency to mcp-atlassian>=0.22.0 in requirements.txt or pyproject.toml
  3. Rebuild and redeploy the MCP server container or service
  4. Audit Atlassian Confluence page attachments and Jira ticket attachments for unauthorized files (e.g., passwd, hosts, environ)

Read the full report for GHSA-WM45-QH3G-V83F on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)