First published: Tue Apr 05 2022(Updated: )
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
Credit: security@jetbrains.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jetbrains Youtrack | <2022.1.43563 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this JetBrains YouTrack vulnerability is CVE-2022-28649.
The severity of CVE-2022-28649 is medium with a severity value of 5.4.
The affected software version for CVE-2022-28649 is JetBrains YouTrack before 2022.1.43563.
This vulnerability can be exploited by including an iframe from a third-party domain in the issue description in JetBrains YouTrack before 2022.1.43563.
Yes, the fix for CVE-2022-28649 is available in JetBrains YouTrack version 2022.1.43563.