Vulnerabilities > CVE-2024-47830 - Server-Side Request Forgery (SSRF) vulnerability in Plane

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

plane

CWE-918

NVD

Published: 2024-10-11

Updated: 2024-11-12

Summary

Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.

Vulnerable Configurations

Part	Description	Count
Application	Plane Plane Plane 0.1 Plane Plane 0.2 Plane Plane 0.2.1 Plane Plane 0.3 Plane Plane 0.3.1 Plane Plane 0.4 Plane Plane 0.5 Plane Plane 0.6 Plane Plane 0.7 Plane Plane 0.7.1 Plane Plane 0.8 Plane Plane 0.9	12

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348
https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1