Plane v0.7.1 - Unauthorized access to files
CVE-2023-2268

7.1HIGH

Key Information:

Vendor: Plane
Status: Plane
Vendor: CVE Published:; 15 July 2023

What is CVE-2023-2268?

A vulnerability in Plane version 0.7.1 permits unauthenticated attackers to access and view all stored server files across all user accounts. This can lead to unauthorized data exposure, potentially compromising user privacy and sensitive information.

Affected Version(s)

Plane Linux 0.7.1

References

https://fluidattacks.com/advisories/giardino/

https://github.com/makeplane/plane

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2023
Vulnerability Reserved
Apr 24, 2023

CVE-2023-2268 Data

JSON