Plane Vulnerability Could Allow Server-Side Request Forgery
CVE-2024-47830

5.8MEDIUM

Key Information:

Vendor: Makeplane
Status: Plane
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-47830?

Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

plane < 0.23.0

References

https://github.com/makeplane/plane/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/makeplane/plane/commit/b9f78ba42b70461...

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Oct 3, 2024

JSON

Makeplane

What is CVE-2024-47830?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.