bb-plane-fork/apps/api/plane/app/views
sriram veeraghanta a01b51fca5
fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834)
The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).

Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.

Ref: GHSA-4q54-h4x9-m329
2026-03-31 17:43:35 +05:30
analytic chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
asset fix: IDOR Vulnerabilities in Asset & Attachment Endpoints (#8644) 2026-02-20 18:03:57 +05:30
cycle chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
estimate chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
exporter chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
external chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
intake chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
issue fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834) 2026-03-31 17:43:35 +05:30
module chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
notification chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
page [WIKI-852] chore: update page version save logic (#8440) 2026-03-03 19:10:42 +05:30
project [WEB-6194]migration: added archived_at in IssueView #8641 2026-02-17 19:06:13 +05:30
search chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
state chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
timezone chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
user chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
view chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
webhook chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
workspace [VPAT-51] fix: update workspace invitation flow to use token for validation #8508 2026-02-17 00:02:18 +05:30
__init__.py chore: remove service token endpoint which is unused (#8797) 2026-03-25 13:13:58 +05:30
api.py chore: remove service token endpoint which is unused (#8797) 2026-03-25 13:13:58 +05:30
base.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
error_404.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30