Youtrack@* Security Vulnerabilities and Issues — Youtrack@* CVE List

Lucene search

JetbrainsYoutrack*

21 matches found

CVE•added 2021/02/03 4:15 p.m.•58 views

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

9.8CVSS9.6AI score0.00016EPSS

CVE•added 2021/08/06 2:15 p.m.•52 views

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

9.1CVSS9.1AI score0.00003EPSS

CVE•added 2021/08/06 2:15 p.m.•52 views

CVE-2021-37550

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2021/08/06 2:15 p.m.•50 views

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2021/08/06 2:15 p.m.•49 views

CVE-2021-37554

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2021/02/03 4:15 p.m.•47 views

CVE-2021-25765

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

8.8CVSS8.7AI score0.00002EPSS

CVE•added 2021/08/06 2:15 p.m.•45 views

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2021/08/06 2:15 p.m.•45 views

CVE-2021-37553

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•44 views

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•44 views

CVE-2021-25769

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

7.5CVSS7.4AI score0.00006EPSS

CVE•added 2021/02/03 4:15 p.m.•43 views

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2021/05/11 12:15 p.m.•40 views

CVE-2021-31903

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

6.1CVSS6.2AI score0.00005EPSS

CVE•added 2021/02/03 4:15 p.m.•39 views

CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•36 views

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

5.3CVSS5.5AI score0.00005EPSS

CVE•added 2021/02/03 4:15 p.m.•35 views

CVE-2021-25771

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.

5CVSS4.5AI score0.00005EPSS

CVE•added 2021/11/09 3:15 p.m.•35 views

CVE-2021-43184

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

5.4CVSS5.2AI score0.00006EPSS

CVE•added 2021/11/09 3:15 p.m.•35 views

CVE-2021-43185

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

9.8CVSS9.6AI score0.00007EPSS

CVE•added 2021/05/11 12:15 p.m.•33 views

CVE-2021-31902

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

7.5CVSS7.5AI score0.00002EPSS

CVE•added 2021/05/11 12:15 p.m.•33 views

CVE-2021-31905

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

7.5CVSS7.2AI score0.00003EPSS

CVE•added 2021/11/09 3:15 p.m.•33 views

CVE-2021-43186

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

5.4CVSS5.4AI score0.0001EPSS

CVE•added 2021/05/11 12:15 p.m.•29 views

CVE-2021-27733

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

5.4CVSS5.2AI score0.00006EPSS