PT-2024-17708 · Unknown · Invoiceplane

Fahadletsleep · Published 2024-12-16 · Updated 2024-12-19 · CVE-2024-12667

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1

Description: A vulnerability was found in InvoicePlane that affects unspecified functionality of the file /invoices/view. The manipulation leads to insufficient session expiration, so a session is not invalidated when it should be. The attack can be launched remotely, but it has rather high complexity and is difficult to exploit. The exploit has been disclosed to the public and may be used.

Recommendations: For InvoicePlane versions up to 1.6.1, upgrade to version 1.6.2-beta-1 to address this issue; upgrading the affected component is the recommended fix. As a temporary workaround, consider restricting access to the /invoices/view file until the issue is resolved.

Weakness Enumeration: Insufficient Session Expiration

Related Identifiers: CVE-2024-12667

Affected Products: Invoiceplane