| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @samanhappy/mcphub | npm | <= 0.9.10 | |
The vulnerability is an improper authentication mechanism in the mcphub application, specifically in the handling of Server-Sent Events (SSE) connections. The root cause is the validateBearerAuth function in src/services/sseService.ts. By default, the enableBearerAuth setting is false, which causes validateBearerAuth to return true unconditionally, so any endpoint that relies on it is effectively unauthenticated.
The primary vulnerable function is handleSseConnection, exposed via the route /:user/sse/:group. This function calls validateBearerAuth to gate the endpoint, but because of the flaw above the check always passes, so an unauthenticated remote attacker can reach it. The application's middleware extracts the user parameter from the URL and sets it as the current user's context. Since the authentication check is bypassed, the attacker can assume the identity of any user, including an administrator, simply by crafting the URL (e.g., /admin/sse/somegroup). This grants unauthorized access to the system with the privileges of the impersonated user.
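To make the failure mode concrete, the following added example (not mcphub's source code, and not its actual patch) reconstructs the fail-open pattern the advisory describes beside a fail-closed variant and runs both through a simulated handler for the /:user/sse/:group route. The function names mirror the advisory, but the config shape (enableBearerAuth, bearerAuthKey), the request type and the handler's return value are assumptions made for the illustration.

```typescript
// Added example: fail-open vs fail-closed bearer-token gate in front of an
// SSE route that takes the user from the URL. Types and config keys below are
// constructed for this illustration, not mcphub's own.

export interface AuthConfig {
  enableBearerAuth: boolean;   // assumed config flag, false by default per the advisory
  bearerAuthKey?: string;      // assumed shared secret checked when auth is enabled
}

export interface Request {
  path: string;
  authorization?: string;      // raw Authorization header, if any
}

export interface Principal {
  user: string;
  group: string;
}

// Pull the token out of "Authorization: Bearer <token>".
function bearerToken(req: Request): string | undefined {
  const m = /^Bearer\s+(\S+)$/i.exec(req.authorization ?? "");
  return m ? m[1] : undefined;
}

// Length-checked, constant-time string comparison (use crypto.timingSafeEqual
// in real Node code; hand-rolled here so the example has no imports).
function tokenMatches(presented: string | undefined, expected: string | undefined): boolean {
  if (!presented || !expected || presented.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= presented.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// The shape the advisory describes: when bearer auth is disabled (the default)
// the function returns true without looking at the request at all.
export function validateBearerAuthFailOpen(cfg: AuthConfig, req: Request): boolean {
  if (!cfg.enableBearerAuth) return true;          // fail-open: disabled == everyone passes
  return tokenMatches(bearerToken(req), cfg.bearerAuthKey);
}

// Fail-closed variant: a disabled or unconfigured authenticator denies, so the
// endpoint never silently runs without a credential check.
export function validateBearerAuthFailClosed(cfg: AuthConfig, req: Request): boolean {
  if (!cfg.enableBearerAuth || !cfg.bearerAuthKey) return false;
  return tokenMatches(bearerToken(req), cfg.bearerAuthKey);
}

const SSE_ROUTE = /^\/([^/]+)\/sse\/([^/]+)$/;

// Simulated /:user/sse/:group handler. Returns the principal the server would
// act as, or null when the request is rejected. As in the advisory, the user
// is read straight from the URL once the gate passes.
export function handleSseConnection(
  cfg: AuthConfig,
  req: Request,
  validate: (c: AuthConfig, r: Request) => boolean,
): Principal | null {
  const m = SSE_ROUTE.exec(req.path);
  if (!m) return null;
  if (!validate(cfg, req)) return null;
  return { user: m[1], group: m[2] };
}

// Constructed request with no credential at all, against the default config.
export function demo(): string {
  const defaults: AuthConfig = { enableBearerAuth: false };
  const req: Request = { path: "/admin/sse/somegroup" };
  const open = handleSseConnection(defaults, req, validateBearerAuthFailOpen);
  const closed = handleSseConnection(defaults, req, validateBearerAuthFailClosed);
  return `fail-open -> ${open ? open.user : "rejected"}, fail-closed -> ${closed ? closed.user : "rejected"}`;
}
```

Running demo() shows the fail-open gate handing an unauthenticated request the admin context while the fail-closed gate rejects it. The point for a defender is the default: an authenticator whose "off" state is an unconditional allow turns every fresh install into an unauthenticated deployment, so the safe default is to deny until a credential source is configured.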