makeplane plane
cpe:2.3:a:plane:plane:*:*:*:*:*:*:*
- < 1.2.1
A full read server-side request forgery (SSRF) vulnerability has been identified in Plane, an open-source project management tool, prior to version 1.2.2. This vulnerability exists in the 'Add Link' feature, allowing authenticated users with general privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. Exploitation of this vulnerability could lead to the theft of sensitive data from internal services and cloud metadata endpoints.
Exploitation of this vulnerability allows for full read SSRF, meaning an attacker can read the entire HTTP or HTTPS response body from internal network services. This could result in the exfiltration of sensitive data, such as instance credentials and IAM roles from cloud metadata endpoints, or data from internal APIs or unauthenticated services like object storage. Additionally, this vulnerability could be used for internal reconnaissance, identifying the status of hosts and ports within the internal network.
Users can upgrade to Plane version 1.2.2 to address this vulnerability.
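The mitigation pattern for this class of bug, as an added example that is not Plane's own code: before a server fetches a user-supplied link, restrict the scheme to http(s), resolve the host, and reject any answer in loopback, private, or link-local space (the link-local block covers the 169.254.169.254 cloud metadata endpoint the advisory mentions). The function and address list below are constructed for illustration, and the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed list (not from Plane): ranges a server-side link fetcher should
# never reach, including IPv4-mapped and native IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_address(ip: str) -> bool:
    """True if the literal address falls in a range the fetcher must not contact."""
    addr = ipaddress.ip_address(ip.split("%")[0])  # drop any IPv6 scope id
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.5) is judged by its IPv4 form,
    # otherwise the IPv4 private ranges would be bypassed.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_outbound_url(url: str, resolver=socket.getaddrinfo) -> tuple[bool, str]:
    """Return (ok, reason). Passes only http(s) URLs whose every resolved
    address is public; a single internal answer rejects the whole URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        infos = resolver(host, None)  # same shape as socket.getaddrinfo
    except OSError:
        return False, "unresolvable host"
    for info in infos:
        ip = info[4][0]
        if is_blocked_address(ip):
            return False, f"resolves to blocked address {ip}"
    # Caller should connect to one of the addresses checked here rather than
    # re-resolving, so a DNS rebinding between check and fetch cannot slip through.
    return True, "ok"
```

Fetching by the validated address (with the Host header set manually) closes the check-then-resolve gap; for a feature that only stores a link for later display, not fetching server-side at all removes the SSRF surface entirely.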