A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
9.8CVSS
9.4AI Score
0.002EPSS
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
9.8CVSS
9.3AI Score
0.002EPSS
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
9.8CVSS
9.2AI Score
0.002EPSS
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
9.8CVSS
9.5AI Score
0.002EPSS
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
9.8CVSS
9.6AI Score
0.012EPSS
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
9.1CVSS
9.1AI Score
0.002EPSS
9.8CVSS
9.6AI Score
0.002EPSS
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
9.8CVSS
9.4AI Score
0.002EPSS