CNNVD-202601-705 Information

CNNVD ID

CNNVD-202601-705

Related CVE

CVE-2025-69284

• CNNVD Published: 2026-01-02

Description (Chinese)

Plane是Plane开源的一个开源、自托管的项目规划工具。 Plane 1.2.0之前版本存在访问控制错误漏洞，该漏洞源于访客用户可访问特定工作区成员列表并识别管理员电子邮件地址，可能导致信息泄露。

Description (English)

Plane is an open-source, self-hosted project planning tool for Plane ’ s open source. The previous version of Plane 1.2.0 had a bug in access control, which stemmed from the fact that visitors could access the list of members of a particular workspace and identify the administrator ’ s e-mail address, which could lead to a leak of information.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

Plane

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/makeplane/plane/security/advisories/GHSA-7qx6-6739-c7qr https://access.redhat.com/security/cve/cve-2025-69284

Patch

https://github.com/makeplane/plane/releases