प्लेटफ़ॉर्म
nextjs
घटक
plane
में ठीक किया गया
0.23.1
CVE-2024-47830 describes a critical Server-Side Request Forgery (SSRF) vulnerability discovered in Plane, an open-source project management tool. This flaw allows attackers to manipulate the application into making requests to arbitrary internal or external resources, potentially exposing sensitive data or facilitating further attacks. The vulnerability affects versions of Plane prior to 0.23.0 and has been resolved in that release.
The SSRF vulnerability in Plane arises from improper handling of wildcard characters in image retrieval within the /web/next.config.js file. An attacker can craft a malicious URL containing wildcards, tricking the Plane server into sending requests to unintended destinations. This could include internal services not meant to be publicly accessible, cloud metadata endpoints (e.g., AWS IMDS), or even external websites controlled by the attacker. Successful exploitation could lead to information disclosure, privilege escalation, or even remote code execution if the targeted internal service is vulnerable. The blast radius extends to any internal resources accessible from the Plane server.
CVE-2024-47830 was publicly disclosed on 2024-10-11. The vulnerability's ease of exploitation and the potential for significant impact make it a high-priority concern. No public proof-of-concept (PoC) code has been widely released, but the SSRF nature of the vulnerability makes it relatively straightforward to exploit. It is not currently listed on CISA KEV, but its CRITICAL CVSS score warrants close monitoring. Active exploitation is possible.
Organizations using Plane for project management, particularly those with sensitive internal resources or cloud infrastructure, are at risk. Shared hosting environments where Plane is deployed alongside other applications are also vulnerable, as a compromised Plane instance could be used to pivot to other tenants. Legacy Plane deployments running older, unpatched versions are especially susceptible.
• generic web: Use curl to test for SSRF by attempting to access internal services or cloud metadata endpoints through the Plane application.
curl http://localhost:3000/web/next.config.js?image=http://169.254.169.254/latest/meta-data/iam/security-credentials/admin• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/nginx/access.log) for outbound requests to unusual or unexpected destinations originating from the Plane application's process. Use ss or lsof to identify network connections established by the Plane process.
ss -t tcp -p | grep plane
lsof -i -p $(pidof plane)• generic web: Examine access and error logs for patterns indicative of SSRF attempts, such as requests to internal IP addresses or cloud metadata endpoints. Look for unusual HTTP status codes (e.g., 403 Forbidden) when attempting to access restricted resources.
disclosure
patch
एक्सप्लॉइट स्थिति
EPSS
0.40% (61% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2024-47830 is to immediately upgrade Plane to version 0.23.0 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy with strict outbound request filtering rules to block requests to suspicious domains or IP addresses. Carefully review and restrict any outbound network access granted to the Plane application. Monitor Plane logs for unusual outbound requests that may indicate exploitation attempts. After upgrading, confirm the fix by attempting to access an internal resource via a crafted URL; the request should be blocked or denied.
Actualice Plane a la versión 0.23.0 o superior. Esta versión corrige la vulnerabilidad de Server Side Request Forgery (SSRF) en el endpoint /_next/image. La actualización evitará que atacantes puedan realizar solicitudes a ubicaciones no deseadas desde el servidor.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-47830 is a critical SSRF vulnerability in Plane versions prior to 0.23.0, allowing attackers to make requests to unintended locations. It's a serious security risk due to its potential for data exposure and further attacks.
Yes, if you are running Plane version 0.23.0 or earlier, you are affected by this vulnerability. Immediate action is required to mitigate the risk.
Upgrade Plane to version 0.23.0 or later to resolve the SSRF vulnerability. If upgrading is not possible, implement WAF rules and restrict outbound network access.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation and potential impact suggest active exploitation is possible. Vigilance and prompt patching are crucial.
Refer to the official Plane project repository and security advisories for detailed information and updates regarding CVE-2024-47830: [https://github.com/plane-project/plane](https://github.com/plane-project/plane)
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।