Jetbrains: >> Youtrack >> 2025.3 Security Vulnerabilities
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-17
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-25
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-09
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVSS Score
2.7
EPSS Score
0.0
Published
2025-11-11
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVSS Score
8.1
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-28