{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:06:24.183","vulnerabilities":[{"cve":{"id":"CVE-2026-30244","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T22:16:01.900","lastModified":"2026-03-10T16:23:32.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission classes being incorrectly configured to allow anonymous access to protected endpoints. This issue has been patched in version 1.2.2."},{"lang":"es","value":"Plane es una herramienta de gestión de proyectos de código abierto. Antes de la versión 1.2.2, atacantes no autenticados pueden enumerar a los miembros del espacio de trabajo y extraer información sensible, incluyendo direcciones de correo electrónico, roles de usuario e identificadores internos. La vulnerabilidad se debe a que las clases de permisos de Django REST Framework estaban configuradas incorrectamente para permitir el acceso anónimo a puntos finales protegidos. Este problema ha sido parcheado en la versión 1.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.2","matchCriteriaId":"5CFB7634-F7C4-45BE-BCA9-FB73B6287FAC"}]}]}],"references":[{"url":"https://github.com/makeplane/plane/releases/tag/v1.2.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/makeplane/plane/security/advisories/GHSA-87x4-j8vh-p5qf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}