CVE-2024-47830
Plane allows server side request forgery via /_next/image endpoint
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Productos afectados
makeplane · plane¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →