Vulnerabilities

CVE-2025-69284 - In plane.io, a Guest User to a Workspace can still be able to see list of members

2026-01-02 0 views admin
CVE-2025-69284 - In plane.io, a Guest User to a Workspace can still be able to see list of members

CVE ID : CVE-2025-69284 Published : Jan. 2, 2026, 3:42 p.m. | 19 minutes ago Description : Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is accessible by guest and able to list of users on a specific workspace that they joined. Since the `display_name` in the response is actually the handler of the email, a malicious guest can still identify admin users' email addresses. Version 1.2.0 fixes this issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Published
Jan. 2, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-69284

More from Vulnerabilities

CVE-2025-53593 - QTS, QuTS hero

CVE-2025-53593 - QTS, QuTS hero

2026-01-02 0
CVE-2025-65125 - Gosaliajainam Online-Movie-Booking SQL Injection Vulnerability

CVE-2025-65125 - Gosaliajainam Online-Movie-Booking SQL Injection Vulnerability

2026-01-02 0
CVE-2025-62857 - QuMagie

CVE-2025-62857 - QuMagie

2026-01-02 0
CVE-2025-57705 - QTS, QuTS hero

CVE-2025-57705 - QTS, QuTS hero

2026-01-02 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views