2 matches found
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
Plane 安全漏洞
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to 0.23 that stems from improper UserSerializer permissions, which could lead to account takeover...