In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
5.3 CVSS
5.3 AI Score
0.001 EPSS
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
5.3 CVSS
5.2 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
5.3 CVSS
5.3 AI Score
0.001 EPSS
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
5.3 CVSS
5.3 AI Score
0.001 EPSS
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
5.3 CVSS
5.4 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
5.3 CVSS
5.5 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
5.3 CVSS
5.4 AI Score
0.001 EPSS
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
5.4 CVSS
5.2 AI Score
0.001 EPSS
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
5.3 CVSS
5.3 AI Score
0.001 EPSS
5.4 CVSS
5.1 AI Score
0.001 EPSS
5.4 CVSS
5.2 AI Score
0.001 EPSS
5.4 CVSS
5.4 AI Score
0.001 EPSS
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
5.4 CVSS
5.1 AI Score
0.001 EPSS
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
5.4 CVSS
5.1 AI Score
0.001 EPSS
In JetBrains YouTrack before 2022.1.43563, HTML code from the issue description was being rendered.
5.7 CVSS
5.6 AI Score
0.001 EPSS
In JetBrains YouTrack before 2022.1.43563, it was possible to include an iframe from a third-party domain in the issue description.
5.4 CVSS
5.4 AI Score
0.001 EPSS
In JetBrains YouTrack before 2023.1.10518, stored XSS in a Markdown-rendering engine was possible.
5.4 CVSS
5.2 AI Score
0.0005 EPSS
5.4 CVSS
5.2 AI Score
0.0004 EPSS
In JetBrains YouTrack before 2024.2.34646, the Guest User Account was enabled for attaching files to articles.
5.3 CVSS
4.8 AI Score
0.0005 EPSS
In JetBrains YouTrack before 2024.3.44799, access to global app config data without appropriate permissions was possible.
5.3 CVSS
7.1 AI Score
0.0005 EPSS
5.3 CVSS
7.2 AI Score
0.0005 EPSS