Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
References
Link | Resource |
---|---|
https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1 | Patch |
https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348 | Exploit Vendor Advisory |
Configurations
History
12 Nov 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.8 |
CPE | cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:* | |
First Time |
Plane
Plane plane |
|
References | () https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1 - Patch | |
References | () https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348 - Exploit, Vendor Advisory |
15 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Oct 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-11 15:15
Updated : 2024-11-12 19:55
NVD link : CVE-2024-47830
Mitre link : CVE-2024-47830
CVE.ORG link : CVE-2024-47830
JSON object : View
Products Affected
plane
- plane
CWE
CWE-918
Server-Side Request Forgery (SSRF)