kimai-mcp@2.5.2 vulnerabilities

MCP server for Kimai time-tracking API integration

  • latest version

    2.11.2

  • latest non vulnerable version

  • first published

    1 month ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the kimai-mcp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Insufficiently Protected Credentials

    kimai-mcp is an MCP server for Kimai time-tracking API integration.

    Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the HTTP response handling logic that sets the X-Session-ID header. An attacker can hijack user sessions by observing session identifiers leaked in HTTP response headers, as the server exposes active session tokens outside the intended trust boundary, enabling unauthorized reuse of valid sessions.

    How to fix Insufficiently Protected Credentials?

    Upgrade kimai-mcp to version 2.10.0 or higher.

    Vulnerable version: [,2.10.0)