JPenuliar/Qlik-Sense-MCP-Server
Severity: critical
No description
This MCP server connects to Qlik Sense tenants to fetch metadata, list applications, and compare application scripts, generating summary reports of di...
// Source file not analyzed: server.ts
// Finding inferred from import chain: server.ts:81
// Network-exposed MCP server; the /api/test-tool endpoint is accessible to any client that can reach the server.
The /api/test-tool endpoint passes the user-supplied tenantId directly to qlikAppService.getTenantInfo without any validation. If the underlying service uses this value to construct a URL or make network requests, an attacker could provide a malicious tenantId (e.g., pointing to internal services) to perform Server-Side Request Forgery (SSRF).
Impact: An attacker could make the server send requests to internal network resources, potentially accessing sensitive data or services not intended to be exposed.
Fix: Validate that tenantId matches an expected pattern (e.g., a UUID or a known tenant identifier) before passing it to the service. Avoid using user input directly in URL construction.
// Source file not analyzed: server.ts
// Finding inferred from import chain: server.ts:88
// Network-exposed MCP server; the /api/test-tool endpoint is accessible to any client.
The /api/test-tool endpoint passes user-supplied appId1 and appId2 directly to qlikAppService.compareScripts without validation. If the service uses these values to construct API calls to Qlik Sense or other endpoints, an attacker could manipulate them to trigger SSRF.
Impact: An attacker could force the server to interact with arbitrary internal or external systems, potentially leading to data exfiltration or further compromise.
Fix: Validate that appId1 and appId2 conform to expected formats (e.g., alphanumeric strings of a specific length) and do not contain URL manipulation characters.
// Source file not analyzed: server.ts
// Finding inferred from import chain: server.ts:84
// Network-exposed MCP server; the /api/test-tool endpoint is accessible to any client.
The limit parameter is parsed from user input without validation. While parseInt rejects non-numeric injection, it does not bound the value: an attacker could provide a very large number or a negative value, potentially causing resource exhaustion or unexpected behavior in the underlying service.
Impact: An attacker could cause denial of service by requesting an excessively large limit, or trigger errors with negative values.
Fix: Validate that limit is a positive integer within a reasonable range (e.g., 1-1000) before passing it to the service.
// Source file not analyzed: server.ts
// Finding inferred from import chain: server.ts:85
// Network-exposed MCP server; the /api/test-tool endpoint is accessible to any client.
The next parameter is taken directly from user input without validation. If the underlying service uses this value in API calls (e.g., as a pagination token), an attacker could inject malicious data, potentially leading to SSRF or other injection attacks.
Impact: An attacker could manipulate pagination to access unauthorized data or trigger SSRF if the token is used in URL construction.
Fix: Validate that next is a safe string (e.g., restricted to alphanumeric or base64 characters) and does not contain URL manipulation characters.