| 제목 | wonderwhy-er DesktopCommanderMCP 0.2.13 wonderwhy-er |
|---|
| 설명 | Directory Traversal via Symbolic Link Bypass Leading to Arbitrary Read/Write
The isPathAllowed function for validating file operations is vulnerable to a security bypass using symbolic links (symlinks). The function does a good job of validating traditional directory traversal attacks (e.g., ../../../) by normalising the path. It validates that a path string starts with an allowed directory, but it does not resolve symlinks. An attacker can create a symlink inside an allowed directory that points to a restricted location. The check will pass, but the subsequent file operation will follow the symlink, leading to an arbitrary file read/write.
This vulnerability completely bypasses the directory restrictions, allowing an attacker to read or write arbitrary files on the system with the permissions of the running process. This can lead to sensitive data exposure (e.g., SSH keys, configuration files) or code execution if an attacker can write to executable files. The severity would vary depending on the privileges of the user running the server. |
|---|
| 원천 | ⚠️ https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219 |
|---|
| 사용자 | crem (UID 91252) |
|---|
| 제출 | 2025. 10. 03. AM 07:15 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 08. PM 12:41 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 327606 [wonderwhy-er DesktopCommanderMCP 까지 0.2.13 src/tools/filesystem.ts isPathAllowed 권한 상승] |
|---|
| 포인트들 | 20 |
|---|