CVE-2024-47830
Plane allows server side request forgery via /_next/image endpoint
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Produtos afetados
makeplane · planeQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →