Asana MCP server back online after plugging a data-leak hole

Asana MCP server back online after plugging a data-leak hole

: New MCP server was shut down for nearly two weeks

Asana bug in new AI feature may have exposed data to other users for weeks

A bug in one of Asana's new AI features made user information accessible to other users for several weeks. The company said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer). MCP is an open-source framework that enables AI assistants to interact with site…

Asana's cutting-edge AI feature ran into a little data leakage problem

New MCP server was shut down for nearly two weeks Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations’ data, and the experimental feature is back up and… Read more → The post Asana’s cutting-edge AI feature ran into a little data leakage problem appeared first on IT Security News.

Asana’s MCP AI connector could have exposed corporate data, CSOs warned

CSOs with Asana’s Model Context Protocol (MCP) server in their environment should scour their logs and metadata for data leaks after the discovery of a serious vulnerability. Asana, a software-as-a-service workplace management platform, said this week that its MCP server had been temporarily taken offline after it found what it called a bug. The server was back online Tuesday. But according to researchers at security provider Upguard, the hole, …