Lucene search
JetBrainsCVE-2024-38505HistoryJun 18, 2024 - 11:15 a.m.
CVE-2024-38505
2024-06-1811:15:51
CWE-522
JetBrains
web.nvd.nist.gov
28
jetbrains youtrack
user access token
insecure transmission
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
37.7%
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
Affected configurations
Node
jetbrainsyoutrackRange<2024.2.34646
CNA Affected
[
{
"vendor": "JetBrains",
"product": "YouTrack",
"versions": [
{
"version": "0",
"status": "affected",
"lessThan": "2024.2.34646",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-38505
2024-06-18 10:42:07
nvd
nvd
CVE-2024-38505
2024-06-18 11:15:51
cvelist
cvelist
CVE-2024-38505
2024-06-18 10:42:07
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
37.7%
Related for CVE-2024-38505