In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname...
CVSS 5.9 | AI Score 7.4 | EPSS 0.0004
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and...
CVSS 6.5 | AI Score 7.4 | EPSS 0.0004
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin...
CVSS 6.5 | AI Score 7.3 | EPSS 0.0004
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...
CVSS 5.3 | AI Score 7.5 | EPSS 0.0004
CVSS 5.4 | AI Score 5.9 | EPSS 0.0004
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was...
CVSS 4.3 | AI Score 7.4 | EPSS 0.0004
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk...
CVSS 7.3 | AI Score 7.2 | EPSS 0.0005
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk...
CVSS 7.5 | AI Score 7.5 | EPSS 0.0005
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was...
CVSS 5.4 | AI Score 5.2 | EPSS 0.0004
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic...
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being...
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue...
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project...
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates...
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
CVSS 9.1 | AI Score 9.1 | EPSS 0.002
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with...
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was...
CVSS 7.5 | AI Score 7.2 | EPSS 0.002
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked...
CVSS 5.3 | AI Score 5.4 | EPSS 0.001
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate...
CVSS 5.3 | AI Score 6.8 | EPSS 0.001
In JetBrains YouTrack before 2020.6.1099, project information could be potentially...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code...
CVSS 9.8 | AI Score 9.6 | EPSS 0.009
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command...
CVSS 5.3 | AI Score 5.5 | EPSS 0.001
CVSS 5.3 | AI Score 5.4 | EPSS 0.001
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST...
CVSS 7.5 | AI Score 6.9 | EPSS 0.002
CVSS 5.3 | AI Score 7.3 | EPSS 0.001
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application...
CVSS 3.3 | AI Score 7.1 | EPSS 0.0004
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access...
CVSS 5.3 | AI Score 7.4 | EPSS 0.001
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible...
CVSS 5.3 | AI Score 7.4 | EPSS 0.001
CVSS 5.3 | AI Score 7.3 | EPSS 0.001
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be...
CVSS 7.3 | AI Score 6.8 | EPSS 0.001
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate...
CVSS 6.5 | AI Score 7.4 | EPSS 0.001
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue...
CVSS 5.3 | AI Score 6.8 | EPSS 0.001
CVSS 7.5 | AI Score 6.7 | EPSS 0.002
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file...
CVSS 5.3 | AI Score 6.8 | EPSS 0.001
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article...
CVSS 6.5 | AI Score 6.7 | EPSS 0.001
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary...
CVSS 8.8 | AI Score 7.4 | EPSS 0.001