Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Youtrack Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2019-18369

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

5.3CVSS

5.3AI Score

0.001EPSS

2019-10-31 04:15 PM
24
cve
cve

CVE-2020-15818

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

5.3CVSS

5.3AI Score

0.001EPSS

2020-08-08 09:15 PM
46
cve
cve

CVE-2020-15819

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

5.3CVSS

5.2AI Score

0.001EPSS

2020-08-08 09:15 PM
34
cve
cve

CVE-2020-15820

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

5.3CVSS

5.3AI Score

0.001EPSS

2020-08-08 09:15 PM
38
cve
cve

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

5.3CVSS

5.3AI Score

0.001EPSS

2021-02-03 04:15 PM
23
2
cve
cve

CVE-2020-25210

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

5.3CVSS

5.3AI Score

0.001EPSS

2020-11-16 03:15 PM
36
cve
cve

CVE-2020-27624

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

5.3CVSS

5.3AI Score

0.001EPSS

2020-11-16 03:15 PM
35
cve
cve

CVE-2020-27625

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

5.3CVSS

5.3AI Score

0.001EPSS

2020-11-16 03:15 PM
20
cve
cve

CVE-2020-27626

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

5.3CVSS

5.3AI Score

0.001EPSS

2020-11-16 03:15 PM
30
cve
cve

CVE-2020-7912

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

5.3CVSS

5.3AI Score

0.001EPSS

2020-01-30 06:15 PM
33
cve
cve

CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

5.3CVSS

5.4AI Score

0.001EPSS

2021-02-03 04:15 PM
29
3
cve
cve

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

5.3CVSS

5.5AI Score

0.001EPSS

2021-02-03 04:15 PM
22
2
cve
cve

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

5.3CVSS

5.4AI Score

0.001EPSS

2021-02-03 04:15 PM
22
2
cve
cve

CVE-2021-27733

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

5.4CVSS

5.2AI Score

0.001EPSS

2021-05-11 12:15 PM
21
cve
cve

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

5.3CVSS

5.3AI Score

0.001EPSS

2021-08-06 02:15 PM
39
6
cve
cve

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

5.4CVSS

5.1AI Score

0.001EPSS

2021-08-06 02:15 PM
33
4
cve
cve

CVE-2021-43184

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

5.4CVSS

5.2AI Score

0.001EPSS

2021-11-09 03:15 PM
25
cve
cve

CVE-2021-43186

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

5.4CVSS

5.4AI Score

0.001EPSS

2021-11-09 03:15 PM
23
cve
cve

CVE-2022-24344

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

5.4CVSS

5.1AI Score

0.001EPSS

2022-02-25 03:15 PM
72
cve
cve

CVE-2022-24347

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

5.4CVSS

5.1AI Score

0.001EPSS

2022-02-25 03:15 PM
68
cve
cve

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

5.7CVSS

5.6AI Score

0.001EPSS

2022-04-05 06:15 PM
59
cve
cve

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

5.4CVSS

5.4AI Score

0.001EPSS

2022-04-05 06:15 PM
54
cve
cve

CVE-2023-35054

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

5.4CVSS

5.2AI Score

0.0005EPSS

2023-06-12 04:15 PM
20
cve
cve

CVE-2024-22370

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

5.4CVSS

5.2AI Score

0.0004EPSS

2024-01-09 10:15 AM
17
cve
cve

CVE-2024-38504

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

5.3CVSS

4.8AI Score

0.0005EPSS

2024-06-18 11:15 AM
27
cve
cve

CVE-2024-47160

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

5.3CVSS

7.1AI Score

0.0005EPSS

2024-09-19 06:15 PM
88
cve
cve

CVE-2024-47162

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

5.3CVSS

7.2AI Score

0.0005EPSS

2024-09-19 06:15 PM
93