Описание
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 0.23.0 (исключая)
cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-276
EPSS
Процентиль: 13%
0.00044
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-276