mcp-server-kubernetes@0.2.3-pre.fdc2e0b

MCP server for interacting with Kubernetes clusters via kubectl

  • latest version

    3.9.2

  • latest non vulnerable version

  • first published

    1 years ago

  • latest version published

    13 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the mcp-server-kubernetes package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Incorrect Authorization

    mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

    Affected versions of this package are vulnerable to Incorrect Authorization through the CallTool handler in src/index.ts. An attacker can invoke disallowed Kubernetes tools and perform destructive operations by sending a direct tools/call request for a restricted tool name, even when that tool is omitted from tools/list under ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, or ALLOWED_TOOLS. This allows a client that knows or guesses a restricted tool name to reach the underlying Kubernetes operation path and execute actions that the server was meant to block.

    How to fix Incorrect Authorization?

    Upgrade mcp-server-kubernetes to version 3.6.0 or higher.

    <3.6.0
    • M
    Arbitrary Argument Injection

    mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

    Affected versions of this package are vulnerable to Arbitrary Argument Injection via the kubectl_generic tool. An attacker can obtain sensitive authentication tokens by injecting malicious flags in an application's log output that redirect API requests to an attacker-controlled server, causing the operator's bearer token to be exfiltrated during command execution. This is only exploitable if an operator with a privileged kubeconfig executes the process and their AI agent or automation follows the injected instructions.

    How to fix Arbitrary Argument Injection?

    Upgrade mcp-server-kubernetes to version 3.7.0 or higher.

    <3.7.0
    • H
    Arbitrary Command Injection

    mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

    Affected versions of this package are vulnerable to Arbitrary Command Injection via the exec_in_pod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input containing shell meta-characters, which are interpreted by the shell due to lack of input validation.

    Note:

    This can be exploited either directly by users with access to the tool interface or indirectly by embedding malicious instructions in pod logs that may be executed by AI agents.

    How to fix Arbitrary Command Injection?

    Upgrade mcp-server-kubernetes to version 2.9.8 or higher.

    <2.9.8
    • H
    Arbitrary Command Injection

    mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

    Affected versions of this package are vulnerable to Arbitrary Command Injection via the child_process.execSync function. An attacker can execute arbitrary system commands by supplying crafted input parameters.

    How to fix Arbitrary Command Injection?

    Upgrade mcp-server-kubernetes to version 2.5.0 or higher.

    <2.5.0