Vulnerabilities
Vulnerable Software
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-02
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-07-03
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03

