CVE-2024-31461

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31461
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31461.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31461
Related
  • GHSA-j77v-w36v-63v6
Published
2024-04-10T18:15:07Z
Modified
2025-07-02T00:31:54.154874Z
Summary
[none]
Details

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, and manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.

Affected packages

Git / github.com/makeplane/plane

Affected ranges

Type
GIT
Repo
https://github.com/makeplane/plane
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1-dev
v0.10-dev
v0.11-dev
v0.12-dev
v0.12.1-dev
v0.12.2-dev
v0.13-dev
v0.13.1-dev
v0.13.2-dev
v0.14-dev
v0.14.1-dev
v0.14.2-dev
v0.2-dev
v0.2.1-dev
v0.3.1-dev
v0.4-dev
v0.5-dev
v0.6-dev
v0.7-dev
v0.7.1-dev
v0.8-dev
v0.9-dev