In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVSS: 2.7, AI Score: 4.1, EPSS: 0.001
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.001
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
CVSS: 8.8, AI Score: 8.8, EPSS: 0.001
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
CVSS: 5.3, AI Score: 5.2, EPSS: 0.001
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVSS: 6.5, AI Score: 6.4, EPSS: 0.001
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
CVSS: 7.3, AI Score: 7.2, EPSS: 0.001
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.002
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
CVSS: 3.3, AI Score: 4, EPSS: 0.0004
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
CVSS: 6.5, AI Score: 6.5, EPSS: 0.001
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
CVSS: 7.5, AI Score: 7.2, EPSS: 0.002
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
CVSS: 6.1, AI Score: 5.9, EPSS: 0.001