Platform: python
Component: posthog
Fixed in: 8817.0.1
CVE-2024-9710 is an Information Disclosure vulnerability discovered in PostHog, a product analytics platform. This flaw allows authenticated remote attackers to potentially expose sensitive information. The vulnerability affects versions b8817c14065c23159dcf52849f0bdcd12516c43e through b8817c14065c23159dcf52849f0bdcd12516c43e. A fix is available, requiring users to upgrade to a patched version.
The core of the vulnerability lies in the database_schema method within PostHog, where insufficient validation of a URI allows an attacker to trigger a Server-Side Request Forgery (SSRF). This SSRF can be exploited to access internal resources and, critically, disclose sensitive information. While authentication is required, a compromised account or successful credential theft would grant an attacker access to this information. The potential data at risk includes configuration details, database credentials (if improperly stored), and potentially user data depending on the internal resources accessible via the SSRF. The blast radius extends to any system or data accessible from the PostHog server through the SSRF, making careful network segmentation essential.
CVE-2024-9710 was publicly disclosed on 2024-11-22. The vulnerability was reported to ZDI as ZDI-CAN-25351. The CVSS score of 7.1 (HIGH) indicates a significant risk. Public proof-of-concept (PoC) code is currently unknown, but the SSRF nature of the vulnerability makes it likely that PoCs will emerge. It is not currently listed on the CISA KEV catalog, but this could change as the vulnerability gains more attention.
Exploit Status
EPSS: 0.81% (74th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-9710 is to upgrade to a patched version of PostHog. Unfortunately, this summary does not name a specific fixed version. Until a patched version is available, consider implementing temporary workarounds. Restrict network access to the PostHog server, limiting outbound connections to only essential services. Implement a Web Application Firewall (WAF) with rules to block suspicious SSRF requests, specifically targeting URI patterns that could lead to internal resource access. Monitor PostHog logs for unusual outbound requests or errors related to the database_schema endpoint. If possible, isolate the PostHog instance within a secure network segment to minimize the potential impact of a successful exploitation.
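The root cause described above is a user-supplied URI that is fetched server-side without being checked against internal address space. The following Python helper is an added illustration of the kind of validation a defender would place in front of any such URI; it is not PostHog's code, and the function names, the allowed schemes and the constructed addresses used in it are assumptions for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Schemes a user-supplied URI may use (assumption for this example).
ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Default resolver: every address the host name maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_internal(ip_text):
    """True for loopback, RFC 1918, link-local (including 169.254.169.254),
    unspecified, multicast and reserved ranges; IPv4-mapped IPv6 is unwrapped."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_uri(uri, resolve=resolve_all):
    """Return (ok, reason). Rejects URIs that would make the server fetch
    an internal resource on the caller's behalf."""
    parts = urlsplit(uri)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URI are not allowed"
    try:
        addrs = resolve(host)
    except (socket.gaierror, UnicodeError, ValueError):
        return False, "host does not resolve: %r" % host
    # Every resolved address is checked: a name that maps to both public
    # and internal addresses is rejected rather than trusted.
    for addr in addrs:
        try:
            if is_internal(addr):
                return False, "resolves to internal address %s" % addr
        except ValueError:
            return False, "unparseable address %r" % addr
    return True, "ok"
```

Pass a resolver that returns the pre-resolved addresses when the fetch itself is made, so the address that was validated is the one actually connected to.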
Update PostHog to a version later than the affected version. Consult the release notes for specific upgrade and mitigation instructions.
CVE-2024-9710 is a HIGH severity Information Disclosure vulnerability in PostHog that allows authenticated attackers to disclose sensitive information due to insufficient URI validation in the database_schema method.
You are affected if you are running PostHog versions b8817c14065c23159dcf52849f0bdcd12516c43e–b8817c14065c23159dcf52849f0bdcd12516c43e and have not upgraded to a patched version.
The recommended fix is to upgrade to a patched version of PostHog. Monitor the PostHog website and security advisories for the availability of a fix. Until then, implement temporary workarounds like network restrictions and WAF rules.
While active exploitation is not confirmed, the SSRF nature of the vulnerability suggests that exploitation is possible and PoCs may emerge. Monitor your PostHog instance for suspicious activity.
Refer to the official PostHog security advisories and documentation on their website for the latest information and updates regarding CVE-2024-9710.