CVE-2024-31461
📋 TL;DR
Plane project management tool versions before 0.17-dev contain a Server-Side Request Forgery (SSRF) vulnerability: an attacker can make the Plane application server issue HTTP requests to URLs of the attacker's choosing, including hosts that are reachable only from the server's own network position. This can expose internal services and APIs, leak data from them, and allow manipulation of internal APIs that trust the server's network address. Self-hosted deployments running any version earlier than 0.17-dev are affected.
💻 Affected Systems
- Plane
⚠️ Manual Verification Required
The NVD entry for this CVE carries no machine-readable affected-version range, so version-matching scanners cannot decide automatically whether a given Plane install is affected. The vendor advisory (GHSA-j77v-w36v-63v6) names 0.17-dev as the fixed version, so treat any earlier build as affected until you have verified otherwise.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of internal network via server pivoting, credential theft from internal services, and data exfiltration from protected systems.
Likely Case
Unauthorized access to internal APIs and services, potential leakage of sensitive information from internal systems accessible to the server.
If Mitigated
Limited impact due to network segmentation and strict egress filtering, potentially only denial of service against internal services.
🎯 Exploit Status
SSRF vulnerabilities typically have low exploitation complexity once the vulnerable endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.17-dev
Vendor Advisory: https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6
Restart Required: Yes
Instructions:
1. Update Plane to version 0.17-dev or later.
2. Restart the Plane application.
3. Verify the fix by checking the version and re-testing the SSRF vectors that previously worked.
🔧 Temporary Workarounds
Network egress filtering
Linux (iptables): restrict the connections the Plane API process may open to the services it actually needs and reject the rest. Dropping all outbound port 80 and 443 traffic is too blunt: it breaks legitimate integrations and does nothing for SSRF against internal services on other ports (databases, caches, the cloud metadata endpoint). Filter by destination and by the process owner instead. The rules below assume Plane runs as the service account plane and needs only PostgreSQL at 10.0.0.5 and Redis at 10.0.0.6; both addresses are placeholders to replace with your own. For Docker deployments, apply equivalent rules in the DOCKER-USER chain or through your container network policy rather than to the host's OUTPUT chain, since container traffic does not pass through it.
iptables -A OUTPUT -m owner --uid-owner plane -d 10.0.0.5 -p tcp --dport 5432 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner plane -d 10.0.0.6 -p tcp --dport 6379 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner plane -d 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j REJECT
🧯 If You Can't Patch
- Validate every URL the server fetches on a user's behalf: allow only http and https, reject credentials in the URL, resolve the host and refuse loopback, link-local, private and cloud-metadata addresses, connect to the address that was checked rather than resolving the name a second time, and re-validate redirect targets instead of following them
- Deploy network segmentation so that the Plane server cannot reach sensitive internal systems at all; a request the network refuses cannot be forged
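Input validation is the mitigation that still holds when egress filtering is incomplete, so it is worth seeing what "strict" has to mean for SSRF. The following Python is an added example, not Plane's code and not taken from the advisory: it validates a user-supplied URL before the server fetches it, checks every address the name resolves to, connects to the checked address rather than re-resolving (so a DNS answer that changes after validation cannot redirect the fetch), and hands redirects back for re-validation instead of following them. The resolver is injectable so the check can be exercised offline; BLOCKED_NETWORKS and all function names are this example's own choices.

```python
"""Guard for user-supplied URLs that a server will fetch (illustrative, not Plane's code)."""
import http.client
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server-side fetch must never reach on a user's behalf: loopback,
# RFC 1918, CGNAT, link-local (where cloud metadata endpoints live), multicast,
# reserved and unspecified space, plus the IPv6 ULA, link-local and NAT64 ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "64:ff9b::/96",
)]


class SSRFBlocked(ValueError):
    """Raised when a URL must not be fetched server-side."""


def is_blocked_address(ip_text):
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 is loopback in disguise: check the embedded IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_all(host):
    """Every address the name resolves to (scope ids stripped). A name with one
    public and one private record must be rejected, so callers check all of them."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def validate_url(url, resolver=resolve_all):
    """Return the pinned target (scheme, host, port, checked ip, path) or raise SSRFBlocked."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("credentials in URL are not allowed")
    host = parts.hostname  # lower-cased, brackets removed from IPv6 literals
    if not host:
        raise SSRFBlocked("missing host")
    if host == "localhost" or host.endswith(".localhost"):
        raise SSRFBlocked("localhost is not allowed")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        raise SSRFBlocked(f"bad port: {exc}") from None
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Not a canonical literal. Shorthand such as 127.1, 0x7f000001 or 2130706433 is
        # expanded by the resolver exactly as the socket layer would, so it arrives here
        # as 127.0.0.1 and is caught below; a substring check on the URL would miss it.
        addresses = resolver(host)
    if not addresses:
        raise SSRFBlocked(f"{host} did not resolve")
    for ip in addresses:
        if is_blocked_address(ip):
            raise SSRFBlocked(f"{host} resolves to blocked address {ip}")
    path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    return {"scheme": scheme, "host": host, "port": port, "ip": addresses[0], "path": path}


def is_safe_url(url, resolver=resolve_all):
    """Boolean form for use in a form or serializer validator."""
    try:
        validate_url(url, resolver)
        return True
    except SSRFBlocked:
        return False


def fetch_pinned(target, timeout=5.0, max_bytes=1 << 20):
    """Fetch a validated target by connecting to its checked IP, not its name, so a
    DNS answer that changes between validation and connect (rebinding) cannot redirect
    the request. Redirects are returned, not followed: run each Location through
    validate_url before fetching it."""
    sock = socket.create_connection((target["ip"], target["port"]), timeout=timeout)
    if target["scheme"] == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=target["host"])
    host_header = f"[{target['host']}]" if ":" in target["host"] else target["host"]
    if target["port"] != (443 if target["scheme"] == "https" else 80):
        host_header += f":{target['port']}"
    conn = http.client.HTTPConnection(target["host"], target["port"], timeout=timeout)
    conn.sock = sock  # hand http.client the pinned socket so it never resolves the name itself
    conn.request("GET", target["path"], headers={"Host": host_header})
    resp = conn.getresponse()
    try:
        return resp.status, resp.getheader("Location"), resp.read(max_bytes)
    finally:
        conn.close()
```

The order matters: the decision is made on resolved addresses, not on the URL string, and the connection reuses that decision. Checking the string alone misses shorthand like 127.1 and IPv4-mapped IPv6, and resolving a second time inside the HTTP client reopens the window for DNS rebinding. Plane runs behind its own Django stack, so in a real deployment this check would sit in the serializer or view that accepts the URL.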
🔍 How to Verify
Check if Vulnerable:
Check Plane version - if earlier than 0.17-dev, the system is vulnerable
Check Version:
Check Plane web interface settings or deployment configuration for version number
Verify Fix Applied:
Confirm version is 0.17-dev or later and test SSRF vectors that previously worked
📡 Detection & Monitoring
Log Indicators:
- Outbound HTTP requests from the Plane server to loopback, link-local or RFC 1918 addresses, or to the cloud metadata endpoint (169.254.169.254, or metadata.google.internal on GCP)
- Requests to domains or internal services that Plane has no integration with, including name-based targets (localhost, *.internal) and non-canonical IP spellings such as 0x7f000001 or 2130706433 that defeat naive string matching
Network Indicators:
- Outbound connections from the Plane server to destinations not on its egress allowlist
- Connections from the application server to internal service ports it has no reason to reach, for example a database or cache other than its own
SIEM Query (pseudo-syntax; adapt field names to your SIEM, and take the destination from egress proxy or firewall logs if Plane's own logs do not record outbound URLs):
source="plane-logs" AND (dest_ip IN (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, ::1/128, fc00::/7, fe80::/10) OR dest_host IN ("localhost", "metadata.google.internal") OR dest_host LIKE "%.internal")
Match on a parsed destination field rather than on substrings of the URL: a rule such as url CONTAINS "10." fires on every URL containing "10." (release notes, version paths) while url CONTAINS "172.16" covers only one of the sixteen /16 blocks in 172.16.0.0/12 and misses hex or decimal IP spellings entirely.
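As an added example (not part of the page's SIEM query or of Plane's own logging), the same classification written in Python and run over constructed log lines. It parses the destination host out of each outbound-request record and flags literal internal addresses, including hex and decimal spellings and IPv4-mapped IPv6, plus hostnames that name internal or metadata services, without tripping on a URL that merely contains "10.". The log format, the service name plane-api and every line in SAMPLE_LOG are constructed for this example.

```python
"""Flag outbound requests from the application server to internal destinations
(illustrative detector; the log format and lines are constructed, not Plane's)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample records, one per outbound request, in the shape an egress proxy
# or an instrumented HTTP client might emit. Not real Plane output.
SAMPLE_LOG = """\
2024-04-10T12:00:01Z plane-api outbound method=GET url=https://api.github.com/repos/makeplane/plane status=200
2024-04-10T12:00:02Z plane-api outbound method=GET url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ status=200
2024-04-10T12:00:03Z plane-api outbound method=GET url=http://10.0.3.7:6379/ status=502
2024-04-10T12:00:04Z plane-api outbound method=GET url=http://example.com/release-v10.1/notes status=200
2024-04-10T12:00:05Z plane-api outbound method=GET url=http://[::1]:8000/api/users/ status=200
2024-04-10T12:00:06Z plane-api outbound method=GET url=http://0x7f000001/ status=200
2024-04-10T12:00:07Z plane-api outbound method=GET url=http://metadata.google.internal/computeMetadata/v1/ status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\S+) outbound method=(?P<method>\S+) url=(?P<url>\S+) status=(?P<status>\d+)$"
)

# Hostname suffixes that name internal or metadata services without needing DNS.
INTERNAL_SUFFIXES = (".localhost", ".internal", ".local")


def parse_host_as_ip(host):
    """Return the host as an IP address if it is one, including the hex and decimal
    spellings the socket layer accepts (0x7f000001, 2130706433) but substring rules miss."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if re.fullmatch(r"0x[0-9a-fA-F]{1,8}", host):
        return ipaddress.ip_address(int(host, 16))
    if re.fullmatch(r"\d{1,10}", host) and int(host) < 2 ** 32:
        return ipaddress.ip_address(int(host))
    return None


def is_internal_ip(addr):
    # ::ffff:10.0.0.1 is 10.0.0.1 wearing an IPv6 coat; judge the embedded address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def classify(url):
    """Return a reason string if the destination looks internal, else None."""
    host = urlsplit(url).hostname or ""
    addr = parse_host_as_ip(host)
    if addr is not None:
        return f"internal address {addr}" if is_internal_ip(addr) else None
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return f"internal hostname {host}"
    return None


def scan(log_text):
    """Parse each record and return (timestamp, url, reason) for every internal destination."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        reason = classify(m["url"])
        if reason:
            hits.append((m["ts"], m["url"], reason))
    return hits


if __name__ == "__main__":
    for ts, url, reason in scan(SAMPLE_LOG):
        print(ts, reason, url)
```

Run against SAMPLE_LOG this flags five of the seven records and leaves the GitHub and example.com requests alone, including the one whose path contains "v10.1". For hostnames other than the fixed suffixes a production detector would resolve the name at alert time and apply the same address test, which the offline example deliberately does not do.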
🔗 References
- https://github.com/makeplane/plane/commit/4b0ccea1461b7ca38761dfe0d0f07c2f94425005
- https://github.com/makeplane/plane/commit/d887b780aea5efba3f3d28c47d7d83f8b3e1e21c
- https://github.com/makeplane/plane/pull/3323
- https://github.com/makeplane/plane/pull/3333
- https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6
- https://securitylab.github.com/advisories/GHSL-2023-257_makeplane_plane