
[BUG][SECURITY]: admin_get_server endpoint exposes unmasked OAuth credentials #3575

@rakdutta

Description

The /admin/servers/{server_id} endpoint in mcpgateway/admin.py returns server details without masking sensitive OAuth credentials, exposing secrets like client_secret, password, and refresh_token to administrators viewing server details in the admin UI.

Location

  • File: mcpgateway/admin.py
  • Line: 2469
  • Endpoint: GET /admin/servers/{server_id}

Root Cause

The admin_get_server endpoint returns raw server data without applying the masking function:

```python
# Line 2469 - VULNERABLE CODE
server = await server_service.get_server(db, server_id)
return server.model_dump(by_alias=True)
```

This bypasses the .masked() method that redacts sensitive OAuth fields before returning data to clients.

Expected Behavior

The endpoint should mask sensitive OAuth credentials before returning server details, similar to how the servers list endpoint handles it:

```python
# Line 2385 in admin.py - CORRECT PATTERN
servers_read = [server_service.convert_server_to_read(s) for s in servers]
```

The convert_server_to_read() method (line 397 in server_service.py) calls .masked() which redacts sensitive fields.

Security Impact

  • Severity: High
  • Exposure: OAuth client secrets, passwords, refresh tokens visible in admin UI
  • Affected Users: All administrators with servers.read permission
  • Attack Vector: Any admin viewing server details sees unmasked credentials

Proposed Fix

Change line 2469 in mcpgateway/admin.py from:

```python
return server.model_dump(by_alias=True)
```

to:

```python
return server_service.convert_server_to_read(server).model_dump(by_alias=True)
```

This ensures OAuth credentials are masked before being sent to the admin UI.
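The following is an added, self-contained illustration of the defect and the fix; it is not mcpgateway's code. The `Server` dataclass, `convert_server_to_read`, the two handler functions and `find_leaks` are assumptions modelled on the issue text, and the sample record uses constructed placeholder secrets. It generalizes the masking slightly by redacting the sensitive keys inside nested dicts and lists, and includes a leak check a reviewer could turn into a regression test: walk the response and fail if any raw secret value appears.

```python
"""Added example (not mcpgateway's code): why the admin detail endpoint must go
through the same masking path as the list endpoint.

Server, convert_server_to_read, the handler functions and find_leaks are
assumptions modelled on the issue text, not the project's real API.
"""
from dataclasses import dataclass, field, replace
from typing import Any, Dict, List

# Fields the issue names as sensitive; the set itself is a constructed assumption.
SENSITIVE_OAUTH_FIELDS = frozenset({"client_secret", "password", "refresh_token"})
MASK = "*****"


def _redact(value: Any) -> Any:
    """Recursively replace values under sensitive keys; nested dicts/lists are handled too."""
    if isinstance(value, dict):
        return {
            k: (MASK if k in SENSITIVE_OAUTH_FIELDS and v not in (None, "") else _redact(v))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [_redact(v) for v in value]
    return value


@dataclass
class Server:
    """Minimal stand-in for the stored server record (constructed)."""
    id: str
    name: str
    oauth_config: Dict[str, Any] = field(default_factory=dict)

    def masked(self) -> "Server":
        """Return a copy with sensitive OAuth values redacted; the original is untouched."""
        return replace(self, oauth_config=_redact(self.oauth_config))

    def model_dump(self) -> Dict[str, Any]:
        """Serialize for the client, aliasing oauth_config to camelCase as the UI would expect."""
        return {"id": self.id, "name": self.name, "oauthConfig": self.oauth_config}

    def secret_values(self) -> List[str]:
        """The raw secret strings a leak check must never find in a response."""
        return [
            v for k, v in self.oauth_config.items()
            if k in SENSITIVE_OAUTH_FIELDS and isinstance(v, str) and v
        ]


def convert_server_to_read(server: Server) -> Server:
    """Assumed shape of the service's read conversion: always goes through masked()."""
    return server.masked()


def admin_get_server_vulnerable(server: Server) -> Dict[str, Any]:
    """The pattern the issue reports: the raw record goes straight to the client."""
    return server.model_dump()


def admin_get_server_fixed(server: Server) -> Dict[str, Any]:
    """The proposed fix: convert through the masking path before serializing."""
    return convert_server_to_read(server).model_dump()


def find_leaks(payload: Any, secrets: List[str], path: str = "") -> List[str]:
    """Return the paths inside payload whose string value equals a known secret."""
    hits: List[str] = []
    if isinstance(payload, dict):
        for k, v in payload.items():
            hits += find_leaks(v, secrets, f"{path}.{k}" if path else k)
    elif isinstance(payload, list):
        for i, v in enumerate(payload):
            hits += find_leaks(v, secrets, f"{path}[{i}]")
    elif isinstance(payload, str) and payload in secrets:
        hits.append(path)
    return hits


def sample_server() -> Server:
    """Constructed sample record with obviously fake placeholder secrets."""
    return Server(
        id="srv-1",
        name="example",
        oauth_config={
            "client_id": "demo-client",
            "client_secret": "SECRET-client-placeholder",
            "password": "SECRET-password-placeholder",
            "refresh_token": "SECRET-refresh-placeholder",
            "token_url": "https://idp.example/token",
        },
    )


if __name__ == "__main__":
    s = sample_server()
    print("vulnerable leaks:", find_leaks(admin_get_server_vulnerable(s), s.secret_values()))
    print("fixed leaks:     ", find_leaks(admin_get_server_fixed(s), s.secret_values()))
```

The leak check deliberately compares against the known secret values rather than against key names, so it would also catch a future serializer that copies a secret under a different key. Non-sensitive fields such as `client_id` and `token_url` pass through unchanged, which is what the admin UI needs to render the configuration.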

Additional Context

Steps to Reproduce

  1. Configure a virtual server with OAuth credentials
  2. Log in as an administrator
  3. Navigate to server details in admin UI
  4. Click "View OAuth Config" badge
  5. Observe unmasked client_secret, password, and refresh_token values

Related Files

  • mcpgateway/admin.py (line 2469) - vulnerable endpoint
  • mcpgateway/services/server_service.py (line 397) - correct masking pattern
  • mcpgateway/static/admin.js (line 6901) - UI code that displays the exposed data

Labels: bug (Something isn't working), security (Improves security), triage (Issues / Features awaiting triage)