Youtrack Security Vulnerabilities - CVSS Score 9 - 10


CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2019-07-03 07:15 PM

CVE-2019-12852

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

9.8 CVSS

9.3 AI Score

0.002 EPSS

2019-07-03 08:15 PM

CVE-2019-12866

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8 CVSS

9.2 AI Score

0.002 EPSS

2019-07-03 07:15 PM

CVE-2019-12867

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8 CVSS

9.5 AI Score

0.002 EPSS

2019-07-03 07:15 PM

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

9.8 CVSS

9.6 AI Score

0.012 EPSS

2021-02-03 04:15 PM

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

9.1 CVSS

9.1 AI Score

0.002 EPSS

2021-08-06 02:15 PM

CVE-2021-43185

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

9.8 CVSS

9.6 AI Score

0.002 EPSS

2021-11-09 03:15 PM

CVE-2022-24442

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-02-25 08:15 PM