Sensitive information sent insecurely In mcp-salesforce-connector
Description
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token
Impact
Disclosure of Salesforce OAuth bearer tokens used by the MCP.
Patches
fix applied in 0.1.10
Workarounds
Rotate any Salesforce tokens/credentials used by MCP-Salesforce.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 pypi | 0.1.10 |
Aliases
1. 2. 3. 4. 5.
References
1. 2. 3.