Skip to content

fix(security): credential writers follow existing symlinks for auth.json / JSON stores #36367

Description

@1837620622

Description

Credential and state writers (FSUtil.writeJson, Filesystem.write used for auth/MCP/plugin stores) open the target path with normal write APIs. If auth.json (or similar) is replaced by a symlink, writes follow the link and can overwrite an attacker-chosen file (or plant secrets outside the intended store).

Expected

Refuse to write through an existing symlink for credential/state JSON writers; leave the link target untouched.

Actual

writeFile / writeFileString follow symlinks and write the target.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions