Latest JetBrains YouTrack Vulnerabilities

In JetBrains YouTrack before 2023.3.22666, stored XSS via Markdown was possible.
Affected: JetBrains YouTrack < 2023.3.22666

In JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missing.
Affected: JetBrains YouTrack < 2023.3.22268

In JetBrains YouTrack before 2023.1.16597, the captcha was not properly validated for Helpdesk forms.
Affected: JetBrains YouTrack < 2023.1.16597

In JetBrains YouTrack before 2023.1.10518, stored XSS in a Markdown-rendering engine was possible.
Affected: JetBrains YouTrack < 2023.1.10518

In JetBrains YouTrack before 2022.1.43563, it was possible to include an iframe from a third-party domain in the issue description.
Affected: JetBrains YouTrack < 2022.1.43563

In JetBrains YouTrack before 2022.1.43700, it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
Affected: JetBrains YouTrack < 2022.1.43700

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Affected: JetBrains YouTrack < 2021.4.40426

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
Affected: JetBrains YouTrack < 2021.4.31698

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
Affected: JetBrains YouTrack < 2021.3.24402

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
Affected: JetBrains YouTrack < 2021.3.23639

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
Affected: JetBrains YouTrack < 2021.3.21051

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
Affected: JetBrains YouTrack < 2021.2.16363

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
Affected: JetBrains YouTrack < 2021.2.16363

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Affected: JetBrains YouTrack < 2021.2.16363

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
Affected: JetBrains YouTrack < 2021.1.11111

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having the corresponding permissions.
Affected: JetBrains YouTrack < 2021.3.21051

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
Affected: JetBrains YouTrack < 2021.2.17925

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
Affected: JetBrains YouTrack < 2020.6.6441

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
Affected: JetBrains YouTrack < 2021.1.9819

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
Affected: JetBrains YouTrack < 2020.6.6600

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
Affected: JetBrains YouTrack < 2020.6.8801

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
Affected: JetBrains YouTrack < 2020.6.1767

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
Affected: JetBrains YouTrack < 2020.4.6808

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
Affected: JetBrains YouTrack < 2020.5.3123

In JetBrains YouTrack before 2020.4.4701, permissions for attachment actions were checked improperly.
Affected: JetBrains YouTrack < 2020.4.4701

In JetBrains YouTrack before 2020.6.1099, project information could potentially be disclosed.
Affected: JetBrains YouTrack < 2020.6.1099

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
Affected: JetBrains YouTrack < 2020.4.4701

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
Affected: JetBrains YouTrack < 2020.4.4701

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
Affected: JetBrains YouTrack < 2020.3.5333

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
Affected: JetBrains YouTrack < 2020.3.888

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
Affected: JetBrains YouTrack < 2020.3.888

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources led to information disclosure via the REST API.
Affected: JetBrains YouTrack < 2020.3.6638

Sensitive information could be disclosed in the JetBrains YouTrack application for Android before 2020.2.0 via application backups.
Affected: JetBrains YouTrack < 2020.2.0

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
Affected: JetBrains YouTrack < 2020.3.7955

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
Affected: JetBrains YouTrack < 2020.2.10514

In JetBrains YouTrack before 2020.2.6881, the Markdown parser could disclose the existence of hidden files.
Affected: JetBrains YouTrack < 2020.2.6881

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
Affected: JetBrains YouTrack < 2020.2.8873

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
Affected: JetBrains YouTrack < 2020.2.6881

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
Affected: JetBrains YouTrack < 2020.2.10643

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
Affected: JetBrains YouTrack < 2020.2.8527

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
Affected: JetBrains YouTrack < 2020.1.1331

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
Affected: JetBrains YouTrack < 2020.1.659

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
Affected: JetBrains YouTrack >= 2019.2.0, < 2019.2.59309

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
Affected: JetBrains YouTrack >= 2019.2.0, < 2019.2.59309

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
Affected: JetBrains YouTrack < 2019.2.55152

In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
Affected: JetBrains YouTrack <= 2019.2.56594

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
Affected: JetBrains YouTrack < 2019.1

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without the necessary permissions to get other project names.
Affected: JetBrains YouTrack < 2019.2.53938

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
Affected: JetBrains YouTrack < 2019.1.52545

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
Affected: JetBrains YouTrack < 2019.2.53938; Mozilla Firefox

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203