Atlassian · Jira · CVE-2026-27826
**Name of the Vulnerable Software and Affected Versions**
MCP Atlassian versions prior to 0.17.0
**Description**
MCP Atlassian is a Model Context Protocol (MCP) server used with Atlassian products like Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can make the server send HTTP requests to an attacker-controlled URL by supplying specific HTTP headers without an `Authorization` header. The flaw is in the HTTP middleware and dependency injection layer, where the required authentication checks are absent for these requests. In cloud environments, this could lead to the theft of IAM role credentials through the instance metadata endpoint (`169[.]254[.]169[.]254`). In any HTTP deployment, it allows internal network reconnaissance and the injection of attacker-controlled content into LLM tool results.
**Recommendations**
Versions prior to 0.17.0 should be updated to version 0.17.0 or later.
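
For deployments that accept an upstream URL from request headers, the following added example (not code from mcp-atlassian or from this advisory) shows the kind of gate the description says was missing: a header-supplied destination is refused when no `Authorization` header accompanies it, and refused when it points at a link-local or internal address. The header name `X-Upstream-Url`, the `.atlassian.net` allowlist and the sample values are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions, not taken from the advisory or from mcp-atlassian:
URL_HEADER = "x-upstream-url"           # hypothetical header carrying the target URL
ALLOWED_SUFFIXES = (".atlassian.net",)  # operator-approved upstream hosts


def check_upstream(headers):
    """Return (allowed, reason) for a request's header-supplied upstream URL."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    target = h.get(URL_HEADER)
    if not target:
        return True, "no header-supplied URL"
    # Gate 1: never honour a caller-chosen destination without credentials.
    # (Presence check only; validating the credential is the auth layer's job.)
    if not h.get("authorization"):
        return False, "upstream URL without Authorization"
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https" or not host or parts.username or parts.password:
        return False, "URL must be https, with a host and no userinfo"
    # Gate 2: refuse IP literals; name the range so the log line is useful.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname, handled by the allowlist below
    if ip is not None:
        if ip.is_link_local:
            return False, "link-local address (instance metadata range)"
        if ip.is_private or ip.is_loopback:
            return False, "internal address"
        return False, "IP literal not allowed"
    # Gate 3: hostname must fall under an approved suffix.
    if not host.endswith(ALLOWED_SUFFIXES):
        return False, "host not on allowlist"
    return True, "allowed"


if __name__ == "__main__":
    auth = {"Authorization": "Bearer constructed-token"}  # constructed sample value
    for url in ("https://example.atlassian.net/", "https://169.254.169.254/",
                "https://example.atlassian.net.attacker.example/"):
        print(url, check_upstream({"X-Upstream-Url": url}),
              check_upstream({"X-Upstream-Url": url, **auth}))
```

A hostname allowlist does not cover a permitted name that resolves to an internal address, so the resolved address should also be checked when the connection is made.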