{
  "same_underlying_weakness": true,
  "confidence": "high",
  "parent_root_cause": "Host-side remote MCP authentication discovery followed URLs and redirects controlled by a remote MCP/OAuth discovery endpoint without complete SSRF protections.",
  "variant_root_cause": "A later Dynamic Client Registration metadata re-fetch uses oauthproto.FetchAuthorizationServerMetadata with an unguarded nil-client default, allowing a remote authorization server metadata endpoint to redirect the host-side client to a separate internal/loopback URL.",
  "shared_sink_properties": [
    "Host-process HTTP client performs outbound request before container sandbox can mediate it",
    "URL or redirect target is influenced by untrusted remote MCP/OAuth discovery responses",
    "Impact is host-side SSRF to a loopback/internal canary"
  ],
  "distinct_trigger_properties": [
    "Parent trigger: 302 while fetching RFC 9728 resource_metadata in FetchResourceMetadata",
    "Variant trigger: 302 during RFC 8414 authorization-server metadata re-fetch for Dynamic Client Registration in oauthproto.FetchAuthorizationServerMetadata"
  ],
  "fix_bypass_explanation": "v0.31.0 applies SameHostRedirectPolicy/private-IP blocking to FetchResourceMetadata and OIDC discovery clients, but does not apply them to oauthproto.buildDiscoveryHTTPClient when called with a nil client from resolveDCRCredentials.",
  "primary_anchor": {
    "file_path": "pkg/auth/discovery/discovery.go",
    "line_start": 731,
    "line_end": 731,
    "symbol": "resolveDCRCredentials"
  },
  "unguarded_client_anchor": {
    "file_path": "pkg/oauthproto/discovery.go",
    "line_start": 191,
    "line_end": 201,
    "symbol": "buildDiscoveryHTTPClient"
  },
  "evidence": {
    "fixed_auth_log": "bundle/logs/vuln_variant/fixed_auth.log",
    "fixed_canary_log": "bundle/logs/vuln_variant/fixed_canary.log",
    "latest_canary_log": "bundle/logs/vuln_variant/latest_canary.log"
  }
}
