confluence_mcp_server

Critical security vulnerabilities exist due to the direct use of user-supplied arguments for file paths in several tools. Specifically: 1. The `confluence_vector_search` tool uses `args.vectorDbPath` directly in `fs.readFile`, allowing arbitrary file read (AFL) on the server filesystem. 2. The `confluence_page_to_markdown` tool uses `args.outputDir` and `args.filePath`. While filenames are sanitized, `outputDir` is used directly in `path.join` and `fs.mkdirSync`, enabling arbitrary file write (AFW) to any directory an attacker specifies. 3. The `confluence_markdown_to_page` tool uses `args.filePath` directly in `fs.readFileSync`, enabling arbitrary file read (AFL). 4. The `confluence_update_page_from_markdown` tool similarly uses `args.filePath` directly in `fs.readFileSync`, enabling arbitrary file read (AFL). 5. The `confluence_export_space_to_markdown` tool uses `args.outputDir`, also enabling arbitrary file write (AFW). These vulnerabilities could lead to disclosure of sensitive server files or writing of malicious files, potentially leading to remote code execution.