Youtrack Security Vulnerabilities and Issues — Youtrack CVE List

Lucene search

JetbrainsYoutrack

39 matches found

CVE•added 2024/09/19 6:15 p.m.•106 views

CVE-2024-47160

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

5.3CVSS7.1AI score0.00005EPSS

CVE•added 2024/09/19 6:15 p.m.•105 views

CVE-2024-47162

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

5.3CVSS7.2AI score0.00004EPSS

CVE•added 2022/02/25 3:15 p.m.•82 views

CVE-2022-24344

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2022/02/25 3:15 p.m.•78 views

CVE-2022-24347

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2024/10/10 11:15 a.m.•74 views

CVE-2024-48902

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

5.4CVSS7.1AI score0.00004EPSS

CVE•added 2022/04/05 6:15 p.m.•67 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

5.7CVSS5.6AI score0.00004EPSS

CVE•added 2024/10/28 1:15 p.m.•63 views

CVE-2024-50578

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

5.4CVSS6AI score0.16247EPSS

CVE•added 2022/04/05 6:15 p.m.•62 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

5.4CVSS5.4AI score0.00003EPSS

CVE•added 2024/10/28 1:15 p.m.•61 views

CVE-2024-50580

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

5.4CVSS6.2AI score0.16247EPSS

CVE•added 2024/10/28 1:15 p.m.•59 views

CVE-2024-50581

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

5.4CVSS6AI score0.16247EPSS

CVE•added 2024/10/28 1:15 p.m.•58 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

5.4CVSS5.9AI score0.16247EPSS

CVE•added 2024/10/28 1:15 p.m.•58 views

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

5.4CVSS5.8AI score0.16247EPSS

CVE•added 2020/08/08 9:15 p.m.•57 views

CVE-2020-15818

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2020/11/16 3:15 p.m.•57 views

CVE-2020-27624

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2024/10/28 1:15 p.m.•57 views

CVE-2024-50577

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

5.4CVSS6.2AI score0.12153EPSS

CVE•added 2020/08/08 9:15 p.m.•51 views

CVE-2020-15819

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

5.3CVSS5.2AI score0.00002EPSS

CVE•added 2021/08/06 2:15 p.m.•50 views

CVE-2021-37551

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2020/08/08 9:15 p.m.•49 views

CVE-2020-15820

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2024/03/07 12:15 p.m.•48 views

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

5.3CVSS5.4AI score0.00009EPSS

CVE•added 2020/11/16 3:15 p.m.•47 views

CVE-2020-25210

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/08/06 2:15 p.m.•45 views

CVE-2021-37552

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

5.4CVSS5.1AI score0.00009EPSS

CVE•added 2020/01/30 6:15 p.m.•44 views

CVE-2020-7912

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•44 views

CVE-2021-25768

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•43 views

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2024/12/04 12:15 p.m.•43 views

CVE-2024-54158

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

5.3CVSS7AI score0.00002EPSS

CVE•added 2024/12/04 12:15 p.m.•40 views

CVE-2024-54155

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

5.3CVSS7.2AI score0.00001EPSS

CVE•added 2020/11/16 3:15 p.m.•39 views

CVE-2020-27626

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

5.3CVSS5.3AI score0.00002EPSS

CVE•added 2021/02/03 4:15 p.m.•39 views

CVE-2021-25766

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2024/06/18 11:15 a.m.•39 views

CVE-2024-38504

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

5.3CVSS4.8AI score0.00002EPSS

CVE•added 2025/01/21 6:15 p.m.•39 views

CVE-2025-24457

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

5.5CVSS5.5AI score0.00001EPSS

CVE•added 2019/10/31 4:15 p.m.•37 views

CVE-2019-18369

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/02/03 4:15 p.m.•36 views

CVE-2021-25767

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

5.3CVSS5.5AI score0.00005EPSS

CVE•added 2021/02/03 4:15 p.m.•35 views

CVE-2021-25771

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.

5CVSS4.5AI score0.00005EPSS

CVE•added 2021/11/09 3:15 p.m.•35 views

CVE-2021-43184

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

5.4CVSS5.2AI score0.00006EPSS

CVE•added 2024/01/09 10:15 a.m.•35 views

CVE-2024-22370

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

5.4CVSS5.2AI score0.21167EPSS

CVE•added 2021/11/09 3:15 p.m.•33 views

CVE-2021-43186

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

5.4CVSS5.4AI score0.0001EPSS

CVE•added 2023/06/12 4:15 p.m.•32 views

CVE-2023-35054

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

5.4CVSS5.2AI score0.00041EPSS

CVE•added 2021/05/11 12:15 p.m.•29 views

CVE-2021-27733

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

5.4CVSS5.2AI score0.00006EPSS

CVE•added 2020/11/16 3:15 p.m.•28 views

CVE-2020-27625

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

5.3CVSS5.3AI score0.00003EPSS