In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
Published November 16, 2020.
Jetbrains Youtrack