{"vulnerability": "ghsa-wm45-qh3g-v83f", "sightings": [{"uuid": "0e6b2643-c79b-47be-9b1b-46a33dfaa37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WM45-QH3G-V83F", "type": "seen", "source": "https://gist.github.com/alon710/fc6e89658925d24a4569a59a6ba7a610", "content": "# GHSA-WM45-QH3G-V83F: GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian\n\n&gt; **CVSS Score:** 7.7\n&gt; **Published:** 2026-07-10\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-WM45-QH3G-V83F\n\n## Summary\nAn arbitrary server-side file read vulnerability exists in the mcp-atlassian integration server. Remote clients utilizing SSE or HTTP transports can exploit the lack of directory containment on attachment-upload tools to resolve and read arbitrary host files, exfiltrating them directly to Atlassian Jira or Confluence.\n\n## TL;DR\nRemote clients can read and exfiltrate arbitrary files from the host server (such as system configurations and API keys) by exploiting a directory traversal vulnerability in mcp-atlassian before 0.22.0.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22\n- **Attack Vector**: Network\n- **CVSS v3.1**: 7.7 (High)\n- **Impact**: Arbitrary File Read / Data Exfiltration\n- **Exploit Status**: PoC Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- mcp-atlassian PyPI package deployed over remote network transports (HTTP/SSE)\n- **mcp-atlassian**: &lt; 0.22.0 (Fixed in: `0.22.0`)\n\n## Mitigation\n\n- Upgrade to mcp-atlassian version 0.22.0 or later\n- Restrict the MCP server's network bindings to 127.0.0.1\n- Run the MCP server in a containerized environment with a non-root user and minimal read privileges\n\n**Remediation Steps:**\n1. Identify deployments running mcp-atlassian versions prior to 0.22.0\n2. Update the PyPI dependency to mcp-atlassian&gt;=0.22.0 in requirements.txt or pyproject.toml\n3. Rebuild and redeploy the MCP server container or service\n4. Audit Atlassian Confluence page attachments and Jira ticket attachments for unauthorized files (e.g., passwd, hosts, environ)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-WM45-QH3G-V83F) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T01:11:41.805762Z"}]}