CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.44799. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.
- In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project (CVE-2024-47159)
- In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible (CVE-2024-47160)
- In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page (CVE-2024-47162)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(207836);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/27");
  script_cve_id("CVE-2024-47159", "CVE-2024-47160", "CVE-2024-47162");
  script_xref(name:"IAVA", value:"2024-A-0596");
  script_name(english:"JetBrains YouTrack < 2024.3.44799 Multiple Vulnerabilities");
  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.44799. It is, therefore, affected by
multiple vulnerabilities as referenced in the vendor advisory.
- In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could
restore workflows attached to a project
(CVE-2024-47159)
- In JetBrains YouTrack before 2024.3.44799 access to global app config data without
appropriate permissions was possible
(CVE-2024-47160)
- In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
(CVE-2024-47162)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.jetbrains.com/privacy-security/issues-fixed/");
  script_set_attribute(attribute:"solution", value:
"Upgrade JetBrains YouTrack 2024.3.44799 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-47159");
  script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/27");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jetbrains:youtrack");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("jetbrains_youtrack_win_installed.nbin");
  script_require_keys("installed_sw/JetBrains YouTrack");
  exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'JetBrains YouTrack');
var constraints = [
  { 'fixed_version' : '2024.3.44799' }
];
vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);