Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 10:30 p.m.21 views

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

4.3CVSS6.1AI score0.00227EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/21 10:11 p.m.9 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS3.7AI score0.00227EPSS
Exploits1References2
cvelist
cvelist
added 2025/05/21 10:11 p.m.16 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS0.00227EPSS
Exploits1References2
osv
osv
added 2025/05/21 10:11 p.m.7 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS6.2AI score0.00227EPSS
Exploits1References4
Rows per page
Query Builder