Vulnerability Information
Vulnerability Title
Plane Exposes User Email (PII and part of credential) in GET Parameter
Vulnerability Description
Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting personally identifiable information (PII) via GET request query strings is classified as an insecure design practice. The affected code path is located in the authentication utility module (packages/utils/src/auth.ts). This vulnerability is fixed in 1.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Plane Security Vulnerability
Vulnerability Description
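Plane is an open-source, self-hosted project planning tool released by Plane. Versions of Plane prior to 1.3.0 contain a security vulnerability that stems from the user's email address being transmitted as a query parameter in the authentication flow, which may lead to disclosure of personal information.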
CVSS Information
N/A
Vulnerability Type
N/A