PyPI package
plane
pkg:pypi/plane
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30242 | — | < 1.2.3 | 1.2.3 | Mar 6, 2026 | Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (1 | ||
| CVE-2026-30244 | — | >= 0 | — | Mar 6, 2026 | Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framew |
- CVE-2026-30242Mar 6, 2026affected < 1.2.3fixed 1.2.3
Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (1
- CVE-2026-30244Mar 6, 2026affected >= 0
Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framew