Executive Summary

This vulnerability is a security flaw in the Axle-Bucamp MCP-Docusaurus software, specifically in the functions update_document, continue_document, delete_document, and get_content within the file app/routes/document.py.

The flaw allows an attacker to manipulate the DOCS_DIR or path argument to perform a path traversal attack, which means they can access files and directories outside the intended scope.

The attack can be initiated remotely, and the exploit has already been publicly released, making it easier for attackers to use.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker to access or modify files on the server that should be protected, potentially leading to unauthorized disclosure, modification, or deletion of sensitive data.

Because the attack can be performed remotely without authentication, it increases the risk of exploitation.

The impact includes loss of confidentiality, integrity, and availability of data handled by the affected software.

Useful 0 Not Useful 0

Compliance Impact

The path traversal vulnerability in MCP-Docusaurus allows unauthorized access, modification, or deletion of files outside the intended documentation directory. This can lead to exposure of sensitive files, unauthorized data manipulation, and potential service disruption.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over the confidentiality, integrity, and availability of sensitive data.

Specifically, the vulnerability's impact on confidentiality (exposure of sensitive files), integrity (arbitrary file overwrites), and availability (service disruption) conflicts with regulatory requirements for protecting personal and sensitive information.

Mitigations such as restricting service exposure, running with minimal filesystem privileges, and enforcing strict path validation are necessary to reduce compliance risks.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the affected MCP-Docusaurus API endpoints for path traversal attempts. Specifically, sending requests with traversal payloads such as "../" in parameters related to document operations (update_document, continue_document, delete_document, get_content) can reveal if the system improperly handles path validation.

Detection can be performed by issuing HTTP POST requests to endpoints like /tool/update_docs or other document-related routes with crafted payloads attempting to access files outside the intended DOCS_DIR.

Example commands using curl to test for path traversal might include:

• curl -X POST http://<target>/tool/update_docs -d '{"path": "../etc/passwd"}' -H 'Content-Type: application/json'
• curl -X POST http://<target>/tool/delete_document -d '{"path": "../../../../etc/shadow"}' -H 'Content-Type: application/json'

Monitoring logs for unusual file access patterns or unexpected file operations outside the documentation directory can also help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting exposure of the MCP-Docusaurus service to untrusted networks to prevent remote exploitation.

Run the MCP service with minimal filesystem privileges to limit the impact of any successful path traversal attack.

Disable document mutation tools (such as update, continue, delete document functions) in environments where users are not fully trusted.

Implement strict path validation by enforcing resolution of paths and rejecting any traversal patterns (e.g., "../") in all document-related functions.

Ensure proper authentication and authorization controls are in place on all API endpoints to prevent unauthorized access.

Review and apply any patches or updates once the project releases a fix addressing this vulnerability.

Useful 0 Not Useful 0