CVE-2025-69284 – In plane.io, a Guest User to a Workspace can still be able to see list of members

CVE ID : CVE-2025-69284

Published : Jan. 2, 2026, 3:42 p.m. | 43 minutes ago

Description : Plane is an an open-source project management tool. In plane.io, a guest user doesn’t have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is accessible by guest and able to list of users on a specific workspace that they joined. Since the `display_name` in the response is actually the handler of the email, a malicious guest can still identify admin users’ email addresses. Version 1.2.0 fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-69284 – In plane.io, a Guest User to a Workspace can still be able to see list of members

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2025-67159 – Vatilon Unsecured Credential Transmission Vulnerability

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-0568 – code-projects Online Music Site ViewSongs.php sql injection

CVE-2026-0567 – code-projects Content Management System pages.php sql injection

CVE-2026-21429 – Emlog has Broken Access Control (BAC)

CVE-2026-0566 – code-projects Content Management System edit_posts.php unrestricted upload