Youtrack Security Vulnerabilities and Issues — Youtrack CVE List | Vulners.com

Lucene search

K

JetbrainsYoutrack

92 matches found

CVE•added 2019/07/03 8:15 p.m.•233 views

CVE-2019-12852

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

9.8CVSS9.3AI score0.00004EPSS

CVE•added 2019/07/03 7:15 p.m.•218 views

CVE-2019-12851

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.

8.8CVSS8.6AI score0.00002EPSS

CVE•added 2019/07/03 7:15 p.m.•162 views

CVE-2019-12866

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8CVSS9.2AI score0.00004EPSS

CVE•added 2024/09/19 6:15 p.m.•106 views

CVE-2024-47160

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

5.3CVSS7.1AI score0.00005EPSS

CVE•added 2024/09/19 6:15 p.m.•105 views

CVE-2024-47162

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

5.3CVSS7.2AI score0.00004EPSS

CVE•added 2024/09/19 6:15 p.m.•104 views

CVE-2024-47159

In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project

4.3CVSS7.1AI score0.00003EPSS

CVE•added 2019/10/01 8:15 p.m.•92 views

CVE-2019-15041

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.

6.1CVSS6.3AI score0.00003EPSS

CVE•added 2022/04/05 6:15 p.m.•88 views

CVE-2022-28650

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI

7.3CVSS5.4AI score0.00009EPSS

CVE•added 2024/10/28 1:15 p.m.•85 views

CVE-2024-50575

In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API

6.1CVSS6.1AI score0.06101EPSS

CVE•added 2022/02/25 3:15 p.m.•82 views

CVE-2022-24344

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2019/07/03 7:15 p.m.•80 views

CVE-2019-12867

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8CVSS9.5AI score0.00005EPSS

CVE•added 2022/02/25 3:15 p.m.•78 views

CVE-2022-24347

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2019/07/03 7:15 p.m.•76 views

CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2024/10/10 11:15 a.m.•74 views

CVE-2024-48902

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

5.4CVSS7.1AI score0.00004EPSS

CVE•added 2019/10/01 4:15 p.m.•73 views

CVE-2019-14953

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.

6.1CVSS5.9AI score0.00007EPSS

CVE•added 2024/10/17 1:15 p.m.•71 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests

8.1CVSS7.1AI score0.00045EPSS

CVE•added 2022/04/05 6:15 p.m.•67 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

5.7CVSS5.6AI score0.00004EPSS

CVE•added 2024/10/28 1:15 p.m.•63 views

CVE-2024-50578

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

5.4CVSS6AI score0.16247EPSS

CVE•added 2022/02/25 3:15 p.m.•62 views

CVE-2022-24343

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2022/04/05 6:15 p.m.•62 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

5.4CVSS5.4AI score0.00003EPSS

CVE•added 2024/10/28 1:15 p.m.•61 views

CVE-2024-50580

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

5.4CVSS6.2AI score0.16247EPSS

CVE•added 2024/10/28 1:15 p.m.•59 views

CVE-2024-50581

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

5.4CVSS6AI score0.16247EPSS

CVE•added 2021/02/03 4:15 p.m.•58 views

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

9.8CVSS9.6AI score0.00016EPSS

CVE•added 2024/10/28 1:15 p.m.•58 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

5.4CVSS5.9AI score0.16247EPSS

CVE•added 2024/10/28 1:15 p.m.•58 views

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

5.4CVSS5.8AI score0.16247EPSS

CVE•added 2020/08/08 9:15 p.m.•57 views

CVE-2020-15818

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2020/11/16 3:15 p.m.•57 views

CVE-2020-27624

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2024/10/28 1:15 p.m.•57 views

CVE-2024-50577

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

5.4CVSS6.2AI score0.12153EPSS

CVE•added 2020/08/08 9:15 p.m.•56 views

CVE-2020-15823

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

7.5CVSS7.4AI score0.00003EPSS

CVE•added 2024/03/07 12:15 p.m.•55 views

CVE-2024-28229

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles

6.5CVSS6.5AI score0.00005EPSS

CVE•added 2024/12/04 12:15 p.m.•55 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

6.5CVSS6.9AI score0.00003EPSS

CVE•added 2022/02/25 8:15 p.m.•54 views

CVE-2022-24442

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

9.8CVSS9.4AI score0.00017EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15821

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2021/08/06 2:15 p.m.•52 views

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

9.1CVSS9.1AI score0.00003EPSS

CVE•added 2021/08/06 2:15 p.m.•52 views

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2020/08/08 9:15 p.m.•51 views

CVE-2020-15819

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

5.3CVSS5.2AI score0.00002EPSS

CVE•added 2025/01/21 6:15 p.m.•51 views

CVE-2025-24458

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

7.8CVSS7AI score0.00001EPSS

CVE•added 2021/08/06 2:15 p.m.•50 views

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2024/03/07 12:15 p.m.•50 views

CVE-2024-28230

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

6.5CVSS6.4AI score0.00005EPSS

CVE•added 2020/08/08 9:15 p.m.•49 views

CVE-2020-15820

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/08/06 2:15 p.m.•49 views

CVE-2021-37554

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2024/03/07 12:15 p.m.•48 views

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

5.3CVSS5.4AI score0.00009EPSS

CVE•added 2024/06/18 11:15 a.m.•48 views

CVE-2024-38506

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

8.1CVSS6.4AI score0.00014EPSS

CVE•added 2020/08/08 9:15 p.m.•47 views

CVE-2020-15817

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.

8.8CVSS8.8AI score0.00008EPSS

CVE•added 2020/11/16 3:15 p.m.•47 views

CVE-2020-25210

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•47 views

CVE-2021-25765

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

8.8CVSS8.7AI score0.00002EPSS

CVE•added 2024/12/04 12:15 p.m.•46 views

CVE-2024-54154

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

9.8CVSS7.1AI score0.00077EPSS

CVE•added 2021/08/06 2:15 p.m.•45 views

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2021/08/06 2:15 p.m.•45 views

CVE-2021-37553

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2020/01/30 6:15 p.m.•44 views

CVE-2020-7912

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

5.3CVSS5.3AI score0.00003EPSS

Total number of security vulnerabilities92