Awslabs Healthlake Mcp Server
Monthly
Server-side request forgery in AWS awslabs.healthlake-mcp-server before 0.0.14 lets a remote authenticated user exfiltrate AWS temporary security credentials to an attacker-controlled endpoint by supplying a crafted next_token pagination parameter. Because the server never validates that paginated request URLs still point at the legitimate HealthLake FHIR datastore, subsequent authenticated calls (carrying SigV4/temporary credentials) can be redirected off-host. Rated CVSS 4.0 9.2 (critical); no public exploit identified at time of analysis and not listed in CISA KEV.
Server-side request forgery in AWS awslabs.healthlake-mcp-server before 0.0.14 lets a remote authenticated user exfiltrate AWS temporary security credentials to an attacker-controlled endpoint by supplying a crafted next_token pagination parameter. Because the server never validates that paginated request URLs still point at the legitimate HealthLake FHIR datastore, subsequent authenticated calls (carrying SigV4/temporary credentials) can be redirected off-host. Rated CVSS 4.0 9.2 (critical); no public exploit identified at time of analysis and not listed in CISA KEV.