Jetbrains: >> Youtrack Security Vulnerabilities
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-10-02
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-02
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-02
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-07-03