get_replay_details
on npm:@sentry/mcp-server@0.35.0
Severity
1 finding on this tool
- highssrf surfacef-r8-get_replay_details
Tool `get_replay_details` accepts an unconstrained URL / endpoint parameter
The parameter(s) `replayUrl` look like URL or endpoint inputs but carry no `pattern` or `enum` constraint. An agent tricked by an indirect-injection payload can invoke this tool with an internal-service URL (e.g. `http://169.254.169.254/`) to exfiltrate cloud metadata, probe internal APIs, or pivot to services the host can reach but the caller cannot.
fix: Constrain the URL parameter with an allow-list `enum`, or a `pattern` that restricts scheme and domain. Validate server-side against an allow-list and reject private / loopback / link-local address ranges at the HTTP client level.
OWASP LLM07NIST MANAGE-2.2ATLAS T0051
About this tool
get_replay_details is one of 23 tools exposed by Sentry MCP. The server scored 42/100 overall against the capframe rule engine (source: sandbox). Last scanned 2026-06-26.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.