VYPR
Unrated severityNVD Advisory· Published May 21, 2025· Updated May 22, 2025

Plane has insecure permissions in UserSerializer

CVE-2025-48070

Description

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Plane/Planellm-fuzzy2 versions
    <0.23+ 1 more
    • (no CPE)range: <0.23
    • (no CPE)range: < 0.23

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.