CVE Patch Review

GHSA-WG4G-395P-MQV3: Partial fix for cleartext logging in n8n-mcp

GHSA-WG4G-395P-MQV3 · Updated 2026-05-08 · Partial fix

Summary

The available patch evidence does not show removal of the sensitive HTTP-mode tool-call argument logging described by the advisory. The only concrete runtime change in the supplied diff is a switch from template-string logging to multi-argument console.error in dist/database/node-repository.js, which addresses tainted-format-string concerns but does not demonstrate redaction, suppression, or reconfiguration of sensitive tool-call argument logging. Based on the provided sources, this appears to be a partial fix rather than a root-cause remediation for the advisory as summarized.

Analysis

Vulnerability

GHSA-WG4G-395P-MQV3 describes cleartext logging of sensitive tool-call arguments in n8n-mcp when running in HTTP mode. The security impact is straightforward: secrets or sensitive request parameters can be written to logs, expanding exposure to operators, log processors, SIEM backends, and any downstream retention or export path. The advisory summary says the remediation is to update to 2.47.3 and remove the vulnerable logging configuration.

The supplied commit reference is 643c98bcf7663fe8f08f6dfd21d2ddeb56634387. However, the visible diff material in the provided sources does not include an HTTP logging configuration change or any code path clearly tied to tool-call argument logging.

Patch

The only concrete behavioral code change shown in the provided patch snippets is in dist/database/node-repository.js:

Before:

console.error(`Error getting default operation for ${nodeType}:`, error);

After:

console.error('Error getting default operation for', nodeType, error);

This change replaces string interpolation with structured console arguments. That can reduce tainted-format-string risk and avoid embedding untrusted values into a single formatted string, which is consistent with the changelog note that a broad hardening pass closed multiple CodeQL alerts including js/clear-text-logging and js/tainted-format-string. The changelog entry in the commit is broad and aggregates many fixes, but it does not identify the specific HTTP-mode tool-call logging configuration removal described by the advisory.

No supplied snippet shows:

  • redaction of tool-call arguments,
  • suppression of request/argument logging in HTTP mode,
  • logger configuration changes for serializers or filters, or
  • tests proving sensitive arguments are excluded from logs.

Review

Pros

  • The patch evidence does show at least one logging hardening change, replacing template interpolation with argument-based logging.
  • The changelog explicitly states that version 2.47.3 includes a security hardening pass and references js/clear-text-logging, which is directionally aligned with the advisory.
  • The fix is low-risk in the shown location because it preserves error reporting while changing formatting style only.

Cons

  • The provided diff does not demonstrate the actual root issue from the advisory: cleartext logging of sensitive tool-call arguments in HTTP mode.
  • The visible code change is in a database repository error path, not an HTTP request handling or tool-call logging path.
  • Changing console.error formatting does not by itself remove sensitive values from logs if those values are still passed as structured arguments or logged elsewhere.
  • No regression test, config diff, or source snippet is provided to verify that sensitive tool-call arguments are now redacted or omitted.
  • The bundled changelog claim is too high-level to validate this specific advisory without corresponding source changes.

Verdict

Partial fix.

Based on the supplied sources, the patch evidence is insufficient to conclude that the advisory's root cause was fully removed. The shown runtime change addresses logging style in one location, but it does not establish that HTTP-mode tool-call arguments are no longer logged in cleartext. For a root-cause verdict, the review would need to see the logger configuration or request/tool-call handling code where arguments were previously emitted, plus a targeted test asserting that sensitive arguments are redacted or not logged at all. As presented, the patch is adjacent to security hardening, but not source-demonstrated as a complete remediation for GHSA-WG4G-395P-MQV3. See also the external report summary at cvereports.com.

Sources