Youtrack Security Vulnerabilities and Issues — Youtrack CVE List

Lucene search

JetbrainsYoutrack

9 matches found

CVE•added 2019/07/03 8:15 p.m.•233 views

CVE-2019-12852

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

9.8CVSS9.3AI score0.00004EPSS

CVE•added 2019/07/03 7:15 p.m.•162 views

CVE-2019-12866

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8CVSS9.2AI score0.00004EPSS

CVE•added 2019/07/03 7:15 p.m.•80 views

CVE-2019-12867

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

9.8CVSS9.5AI score0.00005EPSS

CVE•added 2019/07/03 7:15 p.m.•76 views

CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2021/02/03 4:15 p.m.•58 views

CVE-2021-25770

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

9.8CVSS9.6AI score0.00016EPSS

CVE•added 2022/02/25 8:15 p.m.•54 views

CVE-2022-24442

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

9.8CVSS9.4AI score0.00017EPSS

CVE•added 2021/08/06 2:15 p.m.•52 views

CVE-2021-37549

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

9.1CVSS9.1AI score0.00003EPSS

CVE•added 2024/12/04 12:15 p.m.•46 views

CVE-2024-54154

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

9.8CVSS7.1AI score0.00077EPSS

CVE•added 2021/11/09 3:15 p.m.•35 views

CVE-2021-43185

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

9.8CVSS9.6AI score0.00007EPSS