Vulnerability Details CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-12866
-
cpe:2.3:a:jetbrains:youtrack:-
-
cpe:2.3:a:jetbrains:youtrack:2.19.2.65515
-
cpe:2.3:a:jetbrains:youtrack:2.2.1
-
cpe:2.3:a:jetbrains:youtrack:2017.1.30791
-
cpe:2.3:a:jetbrains:youtrack:2017.1.30867
-
cpe:2.3:a:jetbrains:youtrack:2017.1.30973
-
cpe:2.3:a:jetbrains:youtrack:2017.1.31650
-
cpe:2.3:a:jetbrains:youtrack:2017.2.32529
-
cpe:2.3:a:jetbrains:youtrack:2017.2.32582
-
cpe:2.3:a:jetbrains:youtrack:2017.2.32799
-
cpe:2.3:a:jetbrains:youtrack:2017.2.32853
-
cpe:2.3:a:jetbrains:youtrack:2017.2.33063
-
cpe:2.3:a:jetbrains:youtrack:2017.2.33154
-
cpe:2.3:a:jetbrains:youtrack:2017.2.33372
-
cpe:2.3:a:jetbrains:youtrack:2017.2.33390
-
cpe:2.3:a:jetbrains:youtrack:2017.2.33766
-
cpe:2.3:a:jetbrains:youtrack:2017.2.34279
-
cpe:2.3:a:jetbrains:youtrack:2017.2.34480
-
cpe:2.3:a:jetbrains:youtrack:2017.2.35124
-
cpe:2.3:a:jetbrains:youtrack:2017.3.35488
-
cpe:2.3:a:jetbrains:youtrack:2017.3.35968
-
cpe:2.3:a:jetbrains:youtrack:2017.3.36019
-
cpe:2.3:a:jetbrains:youtrack:2017.3.36369
-
cpe:2.3:a:jetbrains:youtrack:2017.3.36626
-
cpe:2.3:a:jetbrains:youtrack:2017.3.36743
-
cpe:2.3:a:jetbrains:youtrack:2017.3.37116
-
cpe:2.3:a:jetbrains:youtrack:2017.3.37517
-
cpe:2.3:a:jetbrains:youtrack:2017.4.37623
-
cpe:2.3:a:jetbrains:youtrack:2017.4.37933
-
cpe:2.3:a:jetbrains:youtrack:2017.4.38030
-
cpe:2.3:a:jetbrains:youtrack:2017.4.38399
-
cpe:2.3:a:jetbrains:youtrack:2017.4.39083
-
cpe:2.3:a:jetbrains:youtrack:2017.4.39238
-
cpe:2.3:a:jetbrains:youtrack:2017.4.39406
-
cpe:2.3:a:jetbrains:youtrack:2017.4.39533
-
cpe:2.3:a:jetbrains:youtrack:2018.1.39916
-
cpe:2.3:a:jetbrains:youtrack:2018.1.40025
-
cpe:2.3:a:jetbrains:youtrack:2018.1.40066
-
cpe:2.3:a:jetbrains:youtrack:2018.1.40341
-
cpe:2.3:a:jetbrains:youtrack:2018.1.40840
-
cpe:2.3:a:jetbrains:youtrack:2018.1.41051
-
cpe:2.3:a:jetbrains:youtrack:2018.1.41561
-
cpe:2.3:a:jetbrains:youtrack:2018.1.41826
-
cpe:2.3:a:jetbrains:youtrack:2018.2.42133
-
cpe:2.3:a:jetbrains:youtrack:2018.2.42223
-
cpe:2.3:a:jetbrains:youtrack:2018.2.42284
-
cpe:2.3:a:jetbrains:youtrack:2018.2.42337
-
cpe:2.3:a:jetbrains:youtrack:2018.2.42881
-
cpe:2.3:a:jetbrains:youtrack:2018.2.43142
-
cpe:2.3:a:jetbrains:youtrack:2018.2.44329
-
cpe:2.3:a:jetbrains:youtrack:2018.2.45073
-
cpe:2.3:a:jetbrains:youtrack:2018.2.45146
-
cpe:2.3:a:jetbrains:youtrack:2018.2.45513
-
cpe:2.3:a:jetbrains:youtrack:2018.3.46358
-
cpe:2.3:a:jetbrains:youtrack:2018.3.46581
-
cpe:2.3:a:jetbrains:youtrack:2018.3.46727
-
cpe:2.3:a:jetbrains:youtrack:2018.3.47010
-
cpe:2.3:a:jetbrains:youtrack:2018.3.47078
-
cpe:2.3:a:jetbrains:youtrack:2018.3.47109
-
cpe:2.3:a:jetbrains:youtrack:2018.3.47247
-
cpe:2.3:a:jetbrains:youtrack:2018.3.47965
-
cpe:2.3:a:jetbrains:youtrack:2018.3.48045
-
cpe:2.3:a:jetbrains:youtrack:2018.4.48293
-
cpe:2.3:a:jetbrains:youtrack:2018.4.48406
-
cpe:2.3:a:jetbrains:youtrack:2018.4.48733
-
cpe:2.3:a:jetbrains:youtrack:3.3
-
cpe:2.3:a:jetbrains:youtrack:4.2.4
-
cpe:2.3:a:jetbrains:youtrack:5.2.5
-
cpe:2.3:a:jetbrains:youtrack:6.0.12124
-
cpe:2.3:a:jetbrains:youtrack:6.0.12634
-
cpe:2.3:a:jetbrains:youtrack:6.5.17031
-
cpe:2.3:a:jetbrains:youtrack:6.5.17057
-
cpe:2.3:a:jetbrains:youtrack:6.5.17105
-
cpe:2.3:a:jetbrains:youtrack:6.5.17122
-
cpe:2.3:a:jetbrains:youtrack:7.0.26198
-
cpe:2.3:a:jetbrains:youtrack:7.0.26630
-
cpe:2.3:a:jetbrains:youtrack:7.0.26754
-
cpe:2.3:a:jetbrains:youtrack:7.0.26927
-
cpe:2.3:a:jetbrains:youtrack:7.0.27676
-
cpe:2.3:a:jetbrains:youtrack:7.0.27705
-
cpe:2.3:a:jetbrains:youtrack:7.0.27777
-
cpe:2.3:a:jetbrains:youtrack:7.0.27965
-
cpe:2.3:a:jetbrains:youtrack:7.0.28110
-
cpe:2.3:a:jetbrains:youtrack:7.0.28450
-
cpe:2.3:a:jetbrains:youtrack:7.0.28958
-
cpe:2.3:a:jetbrains:youtrack:7.0.29566