Youtrack Security Vulnerabilities


CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002

2019-07-03 07:15 PM

CVE-2019-12851

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2019-07-03 07:15 PM

CVE-2019-12852

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.002

2019-07-03 08:15 PM

CVE-2019-12866

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.002

2019-07-03 07:15 PM

CVE-2019-12867

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.002

2019-07-03 07:15 PM

CVE-2019-14952

JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2019-10-01 02:15 PM

CVE-2019-14953

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2019-10-01 04:15 PM

CVE-2019-14956

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001

2019-10-02 07:15 PM

CVE-2019-15040

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2019-10-02 07:15 PM

CVE-2019-15041

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.

CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001

2019-10-01 08:15 PM

CVE-2019-16171

In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2019-10-02 07:15 PM

CVE-2019-18369

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2019-10-31 04:15 PM

CVE-2020-11692

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

CVSS: 2.7 | AI Score: 4.1 | EPSS: 0.001

2020-04-22 02:15 PM

CVE-2020-11693

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001

2020-04-22 02:15 PM

CVE-2020-15817

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.

CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-15818

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-15819

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-15820

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-15821

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-15822

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

CVSS: 7.3 | AI Score: 7.2 | EPSS: 0.001

2020-10-19 07:15 PM

CVE-2020-15823

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002

2020-08-08 09:15 PM

CVE-2020-24366

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

CVSS: 3.3 | AI Score: 4 | EPSS: 0.0004

2020-11-16 03:15 PM

CVE-2020-24618

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001

2020-08-27 08:15 PM

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2020-25209

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002

2020-11-16 03:15 PM

CVE-2020-25210

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-11-16 03:15 PM

CVE-2020-27624

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-11-16 03:15 PM

CVE-2020-27625

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-11-16 03:15 PM

CVE-2020-27626

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-11-16 03:15 PM

CVE-2020-7912

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-01-30 06:15 PM

CVE-2020-7913

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2020-01-30 06:15 PM

CVE-2021-25765

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

CVSS: 5.3 | AI Score: 5.5 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.012

2021-02-03 04:15 PM

CVE-2021-25771

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.

CVSS: 4.3 | AI Score: 4.5 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-27733

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-31902

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-31903

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-31905

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002

2021-05-11 12:15 PM

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

CVSS: 9.1 | AI Score: 9.1 | EPSS: 0.002

2021-08-06 02:15 PM

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-37553

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.002

2021-08-06 02:15 PM

CVE-2021-37554

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-43184

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2021-43185

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.002

2021-11-09 03:15 PM
Total number of security vulnerabilities: 63