Zed Mcp Server Jira

Name: Zed Mcp Server Jira
Author: nitipat009

mcp-atlassian · by nitipat009

Rust-based Zed extension that launches the upstream [`mcp-atlassian`](https://github.com/sooperset/mcp-atlassian) server for Jira/Confluence.

0 tools GitHub PyPI

No known CVEs

Apache-2.0 license

Actively maintained

Last commit 3d ago

Untested

Transport: stdio, http

0 tools

Grade F

Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "zed-mcp-server-jira": {
      "args": [
        "mcp-atlassian"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/zed-mcp-server-jira)](https://mcppedia.org/s/zed-mcp-server-jira)

Read me

What Zed Mcp Server Jira does

Rust-based Zed extension that launches the upstream mcp-atlassian server for Jira/Confluence.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'mcp-atlassian' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

51/100across 5 weighted dimensions

How we score →

0255075100

−49

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

2 fixed

CVE-2026-27825low · fixedCVSS 3.1

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

### Summary The `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this constitutes for arbitrary code ex

Affected: >= 0Fixed in 0.17.0source →

CVE-2026-27826low · fixedCVSS 3.1

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

### Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection layer — not in any MCP tool handler - making it invisible to tool-level code analysis. In cloud deployments, this could enable theft of IA

Affected: >= 0Fixed in 0.17.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Zed Mcp Server Jira safe to use?: Zed Mcp Server Jira has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Zed Mcp Server Jira?: Zed Mcp Server Jira supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Zed Mcp Server Jira?: Zed Mcp Server Jira is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is Zed Mcp Server Jira actively maintained?: Zed Mcp Server Jira is actively maintained — last commit was 3 days ago.

Similar servers

Others in developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.3k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.3k 1

Supabase MCP Server96

Manage Supabase projects — databases, auth, storage, and edge functions

2.6k 4

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

102.4k 8

MCP Security Weekly

Get CVE alerts and security updates for Zed Mcp Server Jira and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

What this extension does

Registers a Zed context server with ID jira-mcp

Resolves runtime in this order:

uvx mcp-atlassian
uv tool run mcp-atlassian
python3 -m mcp_atlassian (or python)

Reads credentials from Zed settings and injects them into command env

Returns descriptive errors with captured stderr when launch preflight fails

Zed configuration

Set credentials in Zed settings:

{ "context_servers": { "jira-mcp": { "settings": { "env": { "JIRA_URL": "https://your-company.atlassian.net", "JIRA_USERNAME": "your.email@company.com", "JIRA_API_TOKEN": "your_api_token", "CONFLUENCE_URL": "https://your-company.atlassian.net/wiki", "CONFLUENCE_USERNAME": "your.email@company.com", "CONFLUENCE_API_TOKEN": "your_api_token" } } } } }

For Jira Server/Data Center, prefer JIRA_PERSONAL_TOKEN.

Optional explicit command override

You can provide a custom command path/args via Zed settings:

{ "context_servers": { "jira-mcp": { "command": { "path": "uvx", "arguments": ["mcp-atlassian"], "env": { "JIRA_URL": "https://your-company.atlassian.net" } } } } }

If command.path is set without arguments, the extension auto-inferrs args for uvx, uv, and python/python3.

Frequently Asked Questions

Is Zed Mcp Server Jira safe to use?

Zed Mcp Server Jira has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Zed Mcp Server Jira?

Zed Mcp Server Jira supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Zed Mcp Server Jira?

Zed Mcp Server Jira is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is Zed Mcp Server Jira actively maintained?

Zed Mcp Server Jira is actively maintained — last commit was 3 days ago.

Jira MCP Server for Zed

Rust-based Zed extension that launches the upstream mcp-atlassian server for Jira/Confluence.

What this extension does

Registers a Zed context server with ID jira-mcp
Resolves runtime in this order:
1. uvx mcp-atlassian
2. uv tool run mcp-atlassian
3. python3 -m mcp_atlassian (or python)
Reads credentials from Zed settings and injects them into command env
Returns descriptive errors with captured stderr when launch preflight fails

Install as a dev extension

Before installing, ensure Rust is installed via rustup and WASM target exists:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup default stable
rustup target add wasm32-wasip1

Open Zed.
Run zed: install dev extension.
Select this directory: jira-mcp-server-zed-ide.

Runtime prerequisites

Preferred:

curl -LsSf https://astral.sh/uv/install.sh | sh

Fallback:

python3 -m pip install --user mcp-atlassian

Zed configuration

Set credentials in Zed settings:

{
  "context_servers": {
    "jira-mcp": {
      "settings": {
        "env": {
          "JIRA_URL": "https://your-company.atlassian.net",
          "JIRA_USERNAME": "your.email@company.com",
          "JIRA_API_TOKEN": "your_api_token",
          "CONFLUENCE_URL": "https://your-company.atlassian.net/wiki",
          "CONFLUENCE_USERNAME": "your.email@company.com",
          "CONFLUENCE_API_TOKEN": "your_api_token"
        }
      }
    }
  }
}

For Jira Server/Data Center, prefer JIRA_PERSONAL_TOKEN.

Optional explicit command override

You can provide a custom command path/args via Zed settings:

{
  "context_servers": {
    "jira-mcp": {
      "command": {
        "path": "uvx",
        "arguments": ["mcp-atlassian"],
        "env": {
          "JIRA_URL": "https://your-company.atlassian.net"
        }
      }
    }
  }
}

If command.path is set without arguments, the extension auto-inferrs args for uvx, uv, and python/python3.