We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-2268

Plane v0.7.1 - Unauthorized access to files



AssignerFluid Attacks
Reserved2023-04-24
Published2023-07-15
Updated2024-09-05

Description

Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.



HIGH: 7.1CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

Default status
0x400166c650

0.7.1
affected

References

https://fluidattacks.com/advisories/giardino/

https://github.com/makeplane/plane

cve.org CVE-2023-2268

nvd.nist.gov CVE-2023-2268

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-2268
Subscribe to our newsletter to learn more about our work.