Vulnerability Information
Vulnerability Title
Plane has insecure permissions in UserSerializer
Vulnerability Description
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Incorrect Default Permissions
Vulnerability Title
Plane security vulnerability
Vulnerability Description
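Plane is an open-source, self-hosted project planning tool from Plane. Versions of Plane prior to 0.23 contain a security vulnerability that stems from improper permissions in UserSerializer and may lead to account takeover.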
CVSS Information
N/A
Vulnerability Type
N/A