5 matches found
CVE-2025-48070
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
PT-2025-22443 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane versions prior to 0.23
Description: The issue concerns insecure permissions in the UserSerializer that allow users to modify fields intended to be read-only, such as the email. This can potentially lead to account takeover when combined...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to 0.23 that stems from improper UserSerializer permissions, which could lead to account takeover...