Atlassian MCP

Official MCP

Jira and Confluence integration for project management, content search, and issue tracking

vcommit-b3e2149-2026-03-01

PDF

Schnellinstallation

smcp run official/atlassian-mcp@commit-b3e2149-2026-03-01

Sicher ausführen mit mcp hub client Der sichere MCP-Runner von mcp-hub

Integrity Verified

Level 0

Basic integrity checks passed. Digest validation and schema validation completed.

MSSS: Level 0 (Not Compliant)

Findings

Critical

High

35/100

Global Security Score

Not Recommended for Production

Critical security issues found. This MCP server should not be used in production until remediated.

26 findings

1 critical

4 high

Vulnerability Summary

Critical

High

Medium

Low

Info

26 total findings detected

Critical

High

Medium

Score Breakdown

Security (50% weight) 40

Supply Chain (30% weight) 100

Maturity (20% weight) 100

Global Score (weighted) 35

OWASP MCP Top 10 View full details →

MCP01

Token & Secrets

At Risk

MCP02

Privilege Escalation

Mitigated

MCP03

Tool Poisoning

At Risk

MCP04

Supply Chain

Mitigated

MCP05

Cmd Injection

Mitigated

MCP06

Intent Subversion

Mitigated

MCP07

Auth/AuthZ

Mitigated

MCP08

Audit & Telemetry

At Risk

MCP09

Shadow Servers

At Risk

MCP10

Context Injection

Mitigated

MSSS Certification Level

MCP Server Security Standard (MSSS) — Ein standardisiertes Framework zur Bewertung der Sicherheit von MCP-Servern. Mehr erfahren

0 Level 0

Sicherheitskontrollen

Other Controls

23/26 passed

No Secrets in Code

Control failed: 10 findings found, score 50.0

MEDIUM FAIL

No Tool Poisoning

Control failed: 5 findings found, score 50.0

HIGH FAIL

No Hidden Network Channels

Control failed: 10 findings found, score 50.0

CRITICAL FAIL

Code Quality

PASS

Error Handling

PASS

Input Validation

PASS

Logging

PASS

No Critical Vulnerabilities

PASS

No High Vulnerabilities

PASS

No SQL Injection

PASS

No Command Injection

PASS

No Path Traversal

PASS

No Insecure Deserialization

PASS

No XSS Vulnerabilities

PASS

Secure Cryptography

PASS

No Hardcoded Credentials

PASS

No Prompt Injection

PASS

No Remote Code Execution

PASS

No SSRF or Data Exfiltration

PASS

No Privilege Escalation

PASS

No Cross-Tool Data Leakage

PASS

Compatible License

PASS

No Copyleft License

PASS

No Deprecated Dependencies

PASS

Pinned Dependencies

PASS

Known Supply Chain

PASS

Security Findings

26 findings:

Filter:

Severity	CVSS	Finding	Class	Location	CWE
critical	—	DNS exfiltration pattern detected - data encoded in DNS queries DNS exfiltration pattern detected - data encoded in DNS queries	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/urls.py:185	—
Description DNS exfiltration pattern detected - data encoded in DNS queries Code Snippet `results = socket.getaddrinfo(hostname, None)` Remediation Review DNS queries for data exfiltration; restrict DNS to known resolvers; monitor for unusual DNS patterns Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/urls.py:185 View on GitHub Confidence medium Rule ID MCP-M001
high	—	Module path manipulation with user input Module path manipulation with user input	L Lifecycle	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:39	—
Description Module path manipulation with user input Code Snippet `sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))` Remediation Validate and sanitize module paths; use allowlists for permitted module directories Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:39 View on GitHub Confidence medium Rule ID MCP-L004
high	—	Exfiltration pattern detected in tool or code Exfiltration pattern detected in tool or code	G Tool Poisoning	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/confluence.py:279	—
Description Exfiltration pattern detected in tool or code Code Snippet `description="Whether to include the page content in the response",` Remediation Remove instructions that request sensitive data extraction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/confluence.py:279 View on GitHub Confidence medium Rule ID MCP-G006
high	—	Exfiltration pattern detected in tool or code Exfiltration pattern detected in tool or code	G Tool Poisoning	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/confluence.py:1007	—
Description Exfiltration pattern detected in tool or code Code Snippet `include_title: Whether to include the page title in the response.` Remediation Remove instructions that request sensitive data extraction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/confluence.py:1007 View on GitHub Confidence medium Rule ID MCP-G006
high	—	Exfiltration pattern detected in tool or code Exfiltration pattern detected in tool or code	G Tool Poisoning	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/jira.py:3061	—
Description Exfiltration pattern detected in tool or code Code Snippet `Field(description="Include raw date values in the response"),` Remediation Remove instructions that request sensitive data extraction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/jira.py:3061 View on GitHub Confidence medium Rule ID MCP-G006
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/development.py:152	—
Description Outbound connection to dynamically constructed URL Code Snippet `url = f"{self.config.url}/rest/dev-status/1.0/issue/detail"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/development.py:152 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/forms_api.py:84	—
Description Outbound connection to dynamically constructed URL Code Snippet `url = f"https://api.atlassian.com/jira/forms/cloud/{self._cloud_id}{endpoint}"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/forms_api.py:84 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/links.py:164	—
Description Outbound connection to dynamically constructed URL Code Snippet `endpoint = f"rest/api/3/issue/{issue_key}/remotelink"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/links.py:164 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/users.py:234	—
Description Outbound connection to dynamically constructed URL Code Snippet `url = f"{self.config.url}/rest/api/2/user/permission/search"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/users.py:234 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/utils.py:114	—
Description Potential secret in variable name Code Snippet `token_pattern` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/utils.py:114 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth_setup.py:409	—
Description Potential secret in variable name Code Snippet `client_secret` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth_setup.py:409-411 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/toolsets.py:186	—
Description Potential secret in variable name Code Snippet `tokens` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/toolsets.py:186 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/dependencies.py:226	—
Description Potential secret in variable name Code Snippet `auth_desc` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/dependencies.py:226 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/dependencies.py:333	—
Description Potential secret in variable name Code Snippet `global_oauth` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/dependencies.py:333 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Tool description contains suspicious Unicode characters Tool description contains suspicious Unicode characters	G Tool Poisoning	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/jira.py:2866	—
Description Tool description contains suspicious Unicode characters Code Snippet `- DATETIME: DateTime values - ⚠️ USE WORKAROUND ABOVE` Remediation Remove Unicode control characters and confusables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/jira.py:2866 View on GitHub Confidence high Rule ID MCP-G002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:211	—
Description Potential secret in variable name Code Snippet `oauth_config` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:211-216 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/main.py:742	—
Description Potential secret in variable name Code Snippet `upstream_authorize, upstream_token` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/servers/main.py:742-746 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/environment.py:39	—
Description Potential secret in variable name Code Snippet `client_secret` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/environment.py:39 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:177	—
Description Outbound connection to dynamically constructed URL Code Snippet `response = requests.post(token_endpoint, data=payload, timeout=HTTP_TIMEOUT)` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:177 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:277	—
Description Outbound connection to dynamically constructed URL Code Snippet `response = requests.post(self.token_url, data=payload, timeout=HTTP_TIMEOUT)` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:277 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:322	—
Description Outbound connection to dynamically constructed URL Code Snippet `response = requests.get(CLOUD_ID_URL, headers=headers, timeout=HTTP_TIMEOUT)` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:322 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:722	—
Description Potential secret in variable name Code Snippet `session.headers["Authorization"]` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth.py:722 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Potential secret in variable name Potential secret in variable name	E Secrets/Tokens	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth_setup.py:214	—
Description Potential secret in variable name Code Snippet `authorization_state` Remediation Avoid storing secrets in plaintext variables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/utils/oauth_setup.py:214 View on GitHub Confidence low Rule ID MCP-E002
medium	—	Tool description contains suspicious Unicode characters Tool description contains suspicious Unicode characters	G Tool Poisoning	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:339	—
Description Tool description contains suspicious Unicode characters Code Snippet `logger.warning("\n⚠️ WARNING: The 'offline_access' scope is missing!")` Remediation Remove Unicode control characters and confusables Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/scripts/oauth_authorize.py:339 View on GitHub Confidence high Rule ID MCP-G002
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/confluence/analytics.py:133	—
Description Outbound connection to dynamically constructed URL Code Snippet `url = f"{self.confluence.url}/rest/api/analytics/content/{page_id}/views"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/confluence/analytics.py:133 View on GitHub Confidence medium Rule ID MCP-M003
medium	—	Outbound connection to dynamically constructed URL Outbound connection to dynamically constructed URL	M Hidden Network	/tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/comments.py:150	—
Description Outbound connection to dynamically constructed URL Code Snippet `url = f"rest/servicedeskapi/request/{issue_key}/comment"` Remediation Use allowlist for outbound connections; declare all endpoints in manifest; avoid dynamic URL construction Location /tmp/mcp-scan-worker-1836898752/source/b3e214905a04-cbeb940c/src/mcp_atlassian/jira/comments.py:150 View on GitHub Confidence medium Rule ID MCP-M003

MCP Surface Analysis

Attack Surface Analysis

Declared capabilities, transport security, and authentication posture

Tools

Resources

Transport

http

Auth

Not detected

Detected Capabilities

Inferred system access requirements from static analysis

8 checked

Declared Tools

10 total

run_oauth_flow low

do_GET low

handle_forms_http_error low

handle_tool_errors low

handle_auth_errors low

handle_atlassian_api_errors low

should_include_tool low

run_oauth_flow low

run_oauth_setup low

do_GET low

Resources

0 total

No resources detected

This server does not expose any data resources

Transport Security

Insecure

Type: http
Protocol: Not detected
TLS / Encryption: Not Enabled

Authentication & Secrets

Authentication: Not Detected
Token in Environment: No
Secrets Detected: None Detected

No authentication mechanism detected. This server may accept unauthenticated connections.

OWASP MCP Top 10 (2025)

Risk assessment mapped to OWASP MCP security framework v0.1

OWASP Reference

Risk ID	Risk Name	Status	Related Controls	Findings
MCP01	Token Mismanagement & Secret Exposure Hard-coded credentials, long-lived tokens, secrets in logs	Vulnerable	2/3 controls pass	10
MCP02	Privilege Escalation via Scope Creep Weak scope enforcement, expanding permissions	Mitigated	1/1 controls pass	0
MCP03	Tool Poisoning Rug pulls, schema poisoning, tool shadowing	Vulnerable	1/2 controls pass	5
MCP04	Software Supply Chain Attacks Dependency tampering, build pipeline attacks	Mitigated	3/3 controls pass	0
MCP05	Command Injection & Execution Shell injection, chained execution, tool-mediated injection	Mitigated	2/2 controls pass	0
MCP06	Prompt Injection via Contextual Payloads Hidden instructions in input, files, or retrieved documents	Mitigated	4/4 controls pass	0
MCP07	Insufficient Authentication & Authorization Missing auth, shared secrets, token replay, impersonation	Not Assessed	No mapped controls	0
MCP08	Lack of Audit and Telemetry Insufficient logging, no traceability for autonomous workflows	Mitigated	1/1 controls pass	1
MCP09	Shadow MCP Servers Unauthorized instances outside security governance	Vulnerable	No mapped controls	10
MCP10	Context Injection & Over-Sharing Context window leaks, data exposure across sessions	Mitigated	2/2 controls pass	0

Based on OWASP MCP Top 10 v0.1 (2025). Controls and findings are mapped by category and keyword analysis.

26 total findings analyzed

Compliance Matrix

Level 0: Integrity Verified

Cert Level 0

Basic digest and schema validation only. No static analysis passed.

Next level requirements: Score ≥ 60, no critical findings, pass Level 1 controls

MSSS — MCP Server Security Standard

Certification level progression and control requirements · Score: 15/100 (Not Compliant)

MSSS Reference

Integrity Baseline

Static Verified Score ≥ 60

Security Certified Score ≥ 80

Runtime Certified Score ≥ 90

Level 1 -- Static Verified

23/26

Basic analysis, score ≥ 60, no critical findings

88%

No Critical Vulnerabilities
No High Vulnerabilities
No Secrets in Code
No SQL Injection
No Command Injection
No Path Traversal
No Insecure Deserialization
No XSS Vulnerabilities
Secure Cryptography
No Hardcoded Credentials
Compatible License
No Copyleft License
No Deprecated Dependencies
Pinned Dependencies
Known Supply Chain
Code Quality
Error Handling
Input Validation
Logging
No Prompt Injection
No Tool Poisoning
No Remote Code Execution
No SSRF or Data Exfiltration
No Privilege Escalation
No Cross-Tool Data Leakage
No Hidden Network Channels

Level 2 -- Security Certified

0/0

Full analysis, score ≥ 80, SBOM evidence required

Level 3 -- Runtime Certified

0/0

Score ≥ 90, dynamic analysis, full attestation chain

MSSS Controls Detail

Individual control results grouped by security category

Control	Status	Severity	Evidence
No Critical Vulnerabilities SEC-001	PASS		Control passed: No significant issues found
No High Vulnerabilities SEC-002	PASS		Control passed: No significant issues found
No Secrets in Code SEC-003	FAIL	MEDIUM	Control failed: 10 findings found, score 50.0
No SQL Injection SEC-004	PASS		Control passed: No significant issues found
No Command Injection SEC-005	PASS		Control passed: No significant issues found
No Path Traversal SEC-006	PASS		Control passed: No significant issues found
No Insecure Deserialization SEC-007	PASS		Control passed: No significant issues found
No XSS Vulnerabilities SEC-008	PASS		Control passed: No significant issues found
Secure Cryptography SEC-009	PASS		Control passed: No significant issues found
No Hardcoded Credentials SEC-010	PASS		Control passed: No significant issues found
Compatible License SC-001	PASS		Control passed: No significant issues found
No Copyleft License SC-002	PASS		Control passed: No significant issues found
No Deprecated Dependencies SC-003	PASS		Control passed: No significant issues found
Pinned Dependencies SC-004	PASS		Control passed: No significant issues found
Known Supply Chain SC-005	PASS		Control passed: No significant issues found
Code Quality MAT-001	PASS		Control passed: No significant issues found
Error Handling MAT-002	PASS		Control passed: No significant issues found
Input Validation MAT-003	PASS		Control passed: No significant issues found
Logging MAT-004	PASS		Control passed: No significant issues found
No Prompt Injection SEC-011	PASS		Control passed: No significant issues found
No Tool Poisoning SEC-012	FAIL	HIGH	Control failed: 5 findings found, score 50.0
No Remote Code Execution SEC-013	PASS		Control passed: No significant issues found
No SSRF or Data Exfiltration SEC-014	PASS		Control passed: No significant issues found
No Privilege Escalation SEC-015	PASS		Control passed: No significant issues found
No Cross-Tool Data Leakage SEC-016	PASS		Control passed: No significant issues found
No Hidden Network Channels SEC-017	FAIL	CRITICAL	Control failed: 10 findings found, score 50.0

Details

Repository: https://github.com/sooperset/mcp-atlassian
Sprache
Lizenz
Neueste Version: commit-b3e2149-2026-03-01
Zuletzt aktualisiert: Mar 1, 2026

Score Badge

Add this badge to your README.

[![MCP Hub](https://mcp-hub.info/badge/_/atlassian-mcp.svg)](https://mcp-hub.info/mcp/_/atlassian-mcp)

Capabilities

Filesystem Network Command Execution Code Evaluation Database Secrets LLM Access Environment

View full details →

Versionen

Analysis Metadata

Toolchain Version: mcp-scan:1.0.0
Analyzed: 2026-03-01 16:18:48

Schnellinstallation

Integrity Verified

Not Recommended for Production

Vulnerability Summary

Score Breakdown

OWASP MCP Top 10 View full details →

MSSS Certification Level

Sicherheitskontrollen

Other Controls

Security Findings

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description

Code Snippet

Remediation

Description