Security Advisory

CVE-2025-48070

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-21 22:11:06

Last updated 2025-05-22 15:52:48

Assigner GitHub_M

State PUBLISHED

Description

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.

← Browse all CVEs View on cve.org ↗