CVE-2024-47830

Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*

History

12 Nov 2024, 19:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.3
v2 : unknown
v3 : 5.8
CPE cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*
First Time Plane
Plane plane
References () https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1 - () https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1 - Patch
References () https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348 - () https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348 - Exploit, Vendor Advisory

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Plane es una herramienta de gestión de proyectos de código abierto. Plane utiliza el comodín ** para recuperar la imagen de cualquier nombre de host, como en /web/next.config.js. Esto puede permitir que un atacante induzca al servidor a realizar solicitudes a ubicaciones no deseadas. Esta vulnerabilidad se corrigió en la versión 0.23.0.

11 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 15:15

Updated : 2024-11-12 19:55


NVD link : CVE-2024-47830

Mitre link : CVE-2024-47830

CVE.ORG link : CVE-2024-47830


JSON object : View

Products Affected

plane

  • plane
CWE
CWE-918

Server-Side Request Forgery (SSRF)