8 matches found
CVE-2021-25770
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2021-25765
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2021-25768
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
CVE-2021-25769
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVE-2020-25208
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVE-2021-25766
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
CVE-2021-25767
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
CVE-2021-25771
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.