Jetbrains: >> Youtrack >> 2017.1.30867 Security Vulnerabilities
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-10-02
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-02