1119 matches found
CVE-2020-24618
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access...
CVE-2019-16171
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page...
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
CVE-2019-12851
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852...
CVE-2019-12852
An SSRF attack was possible on a JetBrains YouTrack server. The issue 1 of 2 was fixed in JetBrains YouTrack 2018.4.49168...
CVE-2019-12850
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168...
JetBrains YouTrack < 2025.3.104432 Multiple Vulnerabilities
The version of JetBrains YouTrack installed on the remote host is prior to 2025.2.92387. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure. CVE-2025-64685 - ...
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
EUVD-2025-84340
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
CVE-2025-64773
CVE-2025-64773 affects JetBrains YouTrack prior to version 2025.3.104432. Multiple connected sources (NVD/NASL/Nessus and others) describe a race condition that allows bypassing the helpdesk agent limit. Affected component is YouTrack (web/bug-tracking platform); root cause is described as a race...
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit...
CVE-2025-64689
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token...
CVE-2025-64687
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic...
CVE-2025-64688
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
CVE-2025-64686
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context...
CVE-2025-64690
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes...
CVE-2025-64685
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure...