Plane Vulnerability Could Allow Server-Side Request Forgery
CVE-2024-47830

5.8MEDIUM

Key Information:

Vendor: Makeplane
Status: Plane
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-47830?

Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.

Affected Version(s)

plane < 0.23.0

References

https://github.com/makeplane/plane/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/makeplane/plane/commit/b9f78ba42b70461...

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Oct 3, 2024

CVE-2024-47830 Data

JSON

Makeplane

What is CVE-2024-47830?

Affected Version(s)

References

CVSS V3.1

Timeline