Server-Side Request Forgery Vulnerability Affects Plane Project Management Tool
CVE-2024-31461
What is CVE-2024-31461?
The Plane project management tool has a significant vulnerability related to Server-Side Request Forgery (SSRF). This vulnerability allows attackers to send arbitrary requests from the server where the application is hosted, potentially granting them unauthorized access to internal systems. The implications include unauthorized interaction with internal APIs, leakage of sensitive information, and manipulation of internal systems via external requests. Users are encouraged to update to version 0.17-dev, which includes remediation for this issue. For those unable to update, restricting outgoing network connections and implementing stringent input validation for URLs used to generate server-side requests can serve as important mitigation strategies.
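The URL validation mitigation mentioned above, sketched as an added example (this is not Plane's code or its patch). The names `check_outbound_url`, `system_resolver` and `constructed_resolver`, and the DNS table, are assumptions made for illustration. It checks every address a host resolves to, not just the hostname string.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name-to-address table so the example runs offline.
CONSTRUCTED_DNS = {
    "public.example": ["93.184.216.34"],
    "internal.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
    "mapped.example": ["::ffff:127.0.0.1"],
}


def constructed_resolver(host, port):
    """Offline stand-in for DNS; unknown names fail like a real lookup."""
    if host not in CONSTRUCTED_DNS:
        raise OSError("name not found")
    return CONSTRUCTED_DNS[host]


def system_resolver(host, port):
    """Every address the name resolves to, as production code would see it."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https"):
            return False, "scheme not allowed", []
        if parts.username or parts.password or not parts.hostname:
            return False, "missing host or embedded credentials", []
        port = parts.port or (443 if scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
        for raw in addresses:
            ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
            ip = getattr(ip, "ipv4_mapped", None) or ip   # unwrap ::ffff:a.b.c.d
            if not ip.is_global:  # loopback, private, link-local, reserved
                return False, f"non-public address {ip}", []
    except (ValueError, OSError):
        return False, "unparseable or unresolvable", []  # fail closed
    if not addresses:
        return False, "no addresses", []
    return True, "ok", addresses
```

The request should then be made to one of the returned addresses rather than by resolving the name again, and any redirect target needs the same check. This complements, and does not replace, restricting outgoing network connections at the network layer.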

Affected Version(s)
plane < 0.17-dev
