16 matches found
CVE-2022-28650
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVE-2020-15823
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2021-37550
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
CVE-2025-24458
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2021-37553
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-25769
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
CVE-2024-38505
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
CVE-2020-15822
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
CVE-2020-25209
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
CVE-2024-35299
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
CVE-2021-31902
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
CVE-2021-31905
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
CVE-2023-35053
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-38068
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVE-2020-11693
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.