CVE-2023-3432

10.0 CRITICAL

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to 1.2023.9. Attackers can exploit this vulnerability to make the PlantUML server send unauthorized requests to internal systems, potentially accessing sensitive data or services. Anyone using PlantUML server versions before 1.2023.9 is affected.

💻 Affected Systems

Products:
  • PlantUML
Versions: All versions prior to 1.2023.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects PlantUML server deployments that render user-supplied diagram definitions. Standalone/local usage that only renders trusted diagrams is less exposed, since the attacker needs to supply the diagram text.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network resources, data exfiltration from internal services, or lateral movement to other systems via the PlantUML server's network position.

🟠 Likely Case

Unauthorized access to internal HTTP/HTTPS services, metadata services (like AWS/Azure instance metadata), or internal APIs that the PlantUML server can reach.

🟢 If Mitigated

Limited impact if network segmentation restricts PlantUML server's outbound connections and internal services require authentication.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and public proof-of-concept exists in the commit references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2023.9 and later

Vendor Advisory: https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797

Restart Required: Yes

Instructions:

1. Download PlantUML version 1.2023.9 or later from https://plantuml.com/download.
2. Replace the existing PlantUML JAR/WAR files with the updated version.
3. Restart the PlantUML server/service.

🔧 Temporary Workarounds

Network Restriction

Platform: linux

Restrict outbound network connections from the PlantUML server using firewall rules. As written, the rules below drop all outbound TCP 80/443 from the host, legitimate traffic included, and leave other ports open; where possible, scope them to the PlantUML service account or to the internal ranges you need to protect.

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Input Validation

Platform: all

Implement input validation that rejects PlantUML definitions containing URLs, IP addresses or other network references before they reach the renderer.

🧯 If You Can't Patch

  • Deploy network segmentation to isolate PlantUML server from sensitive internal systems
  • Implement web application firewall (WAF) rules to detect and block SSRF patterns in requests

🔍 How to Verify

Check if Vulnerable:

Check PlantUML version: java -jar plantuml.jar -version | grep -i version

Check Version:

java -jar plantuml.jar -version

Verify Fix Applied:

Verify version is 1.2023.9 or higher: java -jar plantuml.jar -version

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP/HTTPS requests from PlantUML server
  • Requests to internal IP addresses or metadata services

Network Indicators:

  • PlantUML server making unexpected connections to internal services
  • HTTP requests to 169.254.169.254 (AWS metadata) or similar

SIEM Query:

source="plantuml.log" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=169.254.169.254)
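As an added example (not part of this advisory), the same check the SIEM query expresses, applied in Python to constructed outbound-connection log lines; the log format and field names (`dest=`, `port=`, `url=`) are assumed, not PlantUML's own.

```python
import ipaddress
import re

# Destination ranges an SSRF from a PlantUML server should not legitimately reach:
# RFC 1918 private space, link-local (cloud metadata sits at 169.254.169.254) and loopback.
SUSPICIOUS_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "169.254.0.0/16", "127.0.0.0/8")
]

# Constructed sample log lines (not real PlantUML output); the line format is assumed:
# "<timestamp> plantuml outbound dest=<ip> port=<port> url=<url>"
SAMPLE_LOG = """\
2024-01-10T12:00:01Z plantuml outbound dest=93.184.216.34 port=443 url=https://example.com/logo.png
2024-01-10T12:00:05Z plantuml outbound dest=169.254.169.254 port=80 url=http://169.254.169.254/
2024-01-10T12:00:09Z plantuml outbound dest=10.0.3.7 port=8080 url=http://10.0.3.7:8080/
2024-01-10T12:00:12Z plantuml outbound dest=192.168.1.20 port=443 url=https://192.168.1.20/
"""

LINE_RE = re.compile(r"dest=(?P<ip>[0-9a-fA-F.:]+)\s+port=(?P<port>\d+)\s+url=(?P<url>\S+)")


def is_internal_destination(ip_text: str) -> bool:
    """True if the destination falls in a range an SSRF would be used to reach."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable field: not an IP match, let other rules handle it
    return any(ip in net for net in SUSPICIOUS_NETWORKS)


def find_ssrf_indicators(log_text: str) -> list[dict]:
    """Return one record per log line whose destination is an internal or metadata address."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_internal_destination(m["ip"]):
            reason = "cloud-metadata" if m["ip"] == "169.254.169.254" else "internal-range"
            hits.append({"dest": m["ip"], "port": int(m["port"]),
                         "url": m["url"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_indicators(SAMPLE_LOG):
        print(f"ALERT {hit['reason']}: {hit['dest']}:{hit['port']} {hit['url']}")
```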
