CVEdetails.com the ultimate security vulnerability data source
JetBrains » YouTrack (all versions): Security Vulnerabilities

Cpe Name:cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
Entry format: # | CVE ID | CWE ID (vulnerability type) | publish date, update date | CVSS v2 base score | access vector / access complexity / authentication | impact on confidentiality (C), integrity (I) and availability (A). No entry on this page has a counted public exploit, and the gained access level is None for every entry. Authentication is either None (Au:N) or Single (Au:S); the source page rendered the Au:S cells as "???", and the scores 3.5, 4.0 and 6.5 only fit Au:S.

1. CVE-2022-28650 | CWE-79 (XSS) | 2022-04-05, updated 2022-04-18 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
2. CVE-2022-28649 | CWE-1021 | 2022-04-05, updated 2022-04-18 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description.
3. CVE-2022-28648 | CWE-79 (XSS) | 2022-04-05, updated 2022-04-18 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2022.1.43563, HTML code from the issue description was being rendered.
4. CVE-2022-24442 | CWE-74 | 2022-02-25, updated 2022-03-04 | 7.5 | Remote / Low / None | C:Partial I:Partial A:Partial
   JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
5. CVE-2022-24347 | CWE-79 (XSS) | 2022-02-25, updated 2022-03-04 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
6. CVE-2022-24344 | CWE-79 (XSS) | 2022-02-25, updated 2022-03-04 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
7. CVE-2022-24343 | CWE-276 | 2022-02-25, updated 2022-03-04 | 4.0 | Remote / Low / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
8. CVE-2021-43186 | CWE-79 (XSS) | 2021-11-09, updated 2021-11-09 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
9. CVE-2021-43185 | CWE-74 | 2021-11-09, updated 2021-11-12 | 7.5 | Remote / Low / None | C:Partial I:Partial A:Partial
   JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
10. CVE-2021-43184 | CWE-79 (XSS) | 2021-11-09, updated 2021-11-12 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
11. CVE-2021-37554 | CWE-200 (+Info) | 2021-08-06, updated 2021-08-12 | 4.0 | Remote / Low / Single | C:Partial I:None A:None
   In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
12. CVE-2021-37553 | CWE-338 | 2021-08-06, updated 2021-08-13 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
13. CVE-2021-37552 | CWE-79 (XSS) | 2021-08-06, updated 2021-08-12 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
14. CVE-2021-37551 | CWE-326 | 2021-08-06, updated 2021-08-13 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
15. CVE-2021-37550 | CWE-697 | 2021-08-06, updated 2021-08-12 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
16. CVE-2021-37549 | no CWE assigned | 2021-08-06, updated 2021-08-12 | 6.4 | Remote / Low / None | C:Partial I:Partial A:None
   In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
17. CVE-2021-31905 | CWE-200 (+Info) | 2021-05-11, updated 2021-05-14 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
18. CVE-2021-31903 | CWE-79 (XSS) | 2021-05-11, updated 2021-05-17 | 4.3 | Remote / Medium / None | C:None I:Partial A:None
   In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
19. CVE-2021-31902 | CWE-732 | 2021-05-11, updated 2021-05-17 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
20. CVE-2021-27733 | CWE-79 (XSS) | 2021-05-11, updated 2021-05-17 | 3.5 | Remote / Medium / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
21. CVE-2021-25771 | CWE-200 (+Info) | 2021-02-03, updated 2021-02-04 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
22. CVE-2021-25770 | CWE-94 (Exec Code) | 2021-02-03, updated 2021-02-05 | 7.5 | Remote / Low / None | C:Partial I:Partial A:Partial
   In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
23. CVE-2021-25769 | no CWE assigned | 2021-02-03, updated 2021-02-05 | 5.0 | Remote / Low / None | C:None I:None A:Partial
   In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
24. CVE-2021-25768 | CWE-732 | 2021-02-03, updated 2021-02-05 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   In JetBrains YouTrack before 2020.4.4701, permissions for attachment actions were checked improperly.
25. CVE-2021-25767 | CWE-200 (Exec Code, +Info) | 2021-02-03, updated 2021-02-05 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
26. CVE-2021-25766 | no CWE assigned | 2021-02-03, updated 2021-02-08 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
27. CVE-2021-25765 | CWE-352 (CSRF) | 2021-02-03, updated 2021-02-04 | 6.8 | Remote / Medium / None | C:Partial I:Partial A:Partial
   In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
28. CVE-2020-27626 | CWE-918 | 2020-11-16, updated 2020-11-21 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
29. CVE-2020-27625 | no CWE assigned | 2020-11-16, updated 2020-11-21 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
30. CVE-2020-27624 | CWE-918 | 2020-11-16, updated 2020-11-21 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
31. CVE-2020-25210 | CWE-200 (+Info) | 2020-11-16, updated 2021-07-21 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
32. CVE-2020-25209 | CWE-200 (+Info) | 2020-11-16, updated 2021-07-21 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
33. CVE-2020-25208 | CWE-276 | 2021-02-03, updated 2021-02-05 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
34. CVE-2020-24618 | no CWE assigned | 2020-08-27, updated 2022-04-28 | 4.0 | Remote / Low / Single | C:Partial I:None A:None
   In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
35. CVE-2020-15823 | CWE-918 | 2020-08-08, updated 2020-08-10 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
36. CVE-2020-15822 | CWE-918 | 2020-10-19, updated 2020-10-22 | 7.5 | Remote / Low / None | C:Partial I:Partial A:Partial
   In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
37. CVE-2020-15821 | CWE-276 | 2020-08-08, updated 2020-08-10 | 4.0 | Remote / Low / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
38. CVE-2020-15820 | CWE-200 (+Info) | 2020-08-08, updated 2021-07-21 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
39. CVE-2020-15819 | CWE-918 | 2020-08-08, updated 2020-08-10 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
40. CVE-2020-15818 | CWE-200 (+Info) | 2020-08-08, updated 2021-07-21 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
41. CVE-2020-15817 | CWE-94 (Exec Code) | 2020-08-08, updated 2021-07-21 | 6.5 | Remote / Low / Single | C:Partial I:Partial A:Partial
   In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
42. CVE-2020-11693 | CWE-20 | 2020-04-22, updated 2021-07-21 | 5.0 | Remote / Low / None | C:None I:None A:Partial
   JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
43. CVE-2020-11692 | CWE-276 | 2020-04-22, updated 2020-04-27 | 4.0 | Remote / Low / Single | C:None I:Partial A:None
   In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
44. CVE-2020-7913 | CWE-79 (XSS) | 2020-01-30, updated 2020-01-31 | 4.3 | Remote / Medium / None | C:None I:Partial A:None
   JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
45. CVE-2020-7912 | CWE-668 | 2020-01-30, updated 2020-02-01 | 5.0 | Remote / Low / None | C:Partial I:None A:None
   In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
46. CVE-2019-18369 | CWE-276 | 2019-10-31, updated 2019-11-01 | 5.0 | Remote / Low / None | C:None I:Partial A:None
   In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
47. CVE-2019-16171 | CWE-79 (XSS) | 2019-10-02, updated 2019-10-03 | 4.3 | Remote / Medium / None | C:None I:Partial A:None
   In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
48. CVE-2019-15041 | CWE-601 | 2019-10-01, updated 2019-10-08 | 5.8 | Remote / Medium / None | C:Partial I:Partial A:None
   JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
49. CVE-2019-15040 | CWE-352 (CSRF) | 2019-10-02, updated 2019-10-03 | 6.8 | Remote / Medium / None | C:Partial I:Partial A:Partial
   JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
50. CVE-2019-14956 | CWE-281 | 2019-10-02, updated 2019-10-03 | 4.0 | Remote / Low / Single | C:Partial I:None A:None
   JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
Total number of vulnerabilities: 56. This is page 1 of 2 and lists entries 1 to 50; the remaining 6 entries are on page 2.
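Every description above bounds the affected builds with one of a few phrases: "before X" (fixed in build X), "Y before X" (only branch Y and later are covered), "through X" (X itself is still affected), or "before A, B, C, and D" (one fix per release branch, as in CVE-2020-24618). The script below is an added example, not code from CVEdetails.com or JetBrains: it parses those phrases and triages an installed YouTrack build (YYYY.N.BUILD) against five entries copied from the table. Two rules are the example's own reading rather than something the page states: for a per-branch fix list the installed build is compared with the fix for its own branch, and a branch newer than every listed fix is assumed to have shipped patched while an older branch with no listed fix is assumed never to have been.

```python
"""Triage an installed YouTrack build against the affected-version phrases
used in the CVE descriptions above. Added example; not code from
CVEdetails.com or JetBrains.

YouTrack builds are YYYY.N.BUILD tuples (e.g. 2021.4.40426). The descriptions
bound the affected range in these ways:
  * "before X"              -> fixed in X, every earlier build is affected
  * "Y before X"            -> same, but only builds from branch Y onwards
  * "through X"             -> X itself is still affected (inclusive bound)
  * "before A, B, C, and D" -> one fix build per release branch
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed test set: (CVE ID, description) pairs copied from the table.
ENTRIES = [
    ("CVE-2022-24442", "JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI "
                       "(Server-Side Template Injection) via FreeMarker templates."),
    ("CVE-2020-7913", "JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS "
                      "via an issue description."),
    ("CVE-2019-16171", "In JetBrains YouTrack through 2019.2.56594, stored XSS was found on "
                       "the issue page."),
    ("CVE-2020-24618", "In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, "
                       "2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an "
                       "attacker can retrieve an issue description without appropriate access."),
    ("CVE-2019-15040", "JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability "
                       "on the settings page."),
]

VERSION_RE = re.compile(r"\d{4}(?:\.\d+){1,2}")


def parse_version(text: str) -> Version:
    """'2021.4.40426' -> (2021, 4, 40426); tuples compare element-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_rule(desc: str) -> Tuple[str, Optional[Version], List[Version]]:
    """Return (kind, floor, bounds): kind is 'before' or 'through', floor is the
    branch the sentence is restricted to (or None), bounds the fix builds
    (several for a per-branch 'before' list)."""
    m = re.search(r"\b(before|through)\b", desc)
    if m is None:
        raise ValueError("no version bound in description: " + desc)
    kind = m.group(1)
    floors = VERSION_RE.findall(desc[: m.start()])
    floor = parse_version(floors[-1]) if floors else None
    bounds: List[Version] = []
    # Consume the comma/"and"-separated version list after the keyword and
    # stop at the first word that is not part of it.
    for token in desc[m.end():].split():
        token = token.strip(",.;")
        if token == "and":
            continue
        if VERSION_RE.fullmatch(token):
            bounds.append(parse_version(token))
        else:
            break
    if not bounds:
        raise ValueError("no fix version after '%s' in: %s" % (kind, desc))
    return kind, floor, bounds


def is_affected(installed: Version, kind: str, floor: Optional[Version],
                bounds: List[Version]) -> bool:
    if floor is not None and installed < floor:
        return False                    # sentence only covers that branch onwards
    if kind == "through":
        return installed <= bounds[0]   # inclusive upper bound
    # "before": compare with the fix shipped for the installed build's branch.
    same_branch = [b for b in bounds if b[:2] == installed[:2]]
    if same_branch:
        return installed < same_branch[0]
    # Assumption (not stated on the page): a branch newer than every listed
    # fix shipped patched; an older branch with no listed fix never was.
    return installed < max(bounds)


def triage(installed: str, entries=ENTRIES) -> List[str]:
    """CVE IDs from `entries` whose affected range contains `installed`."""
    version = parse_version(installed)
    return [cve for cve, desc in entries if is_affected(version, *parse_rule(desc))]


if __name__ == "__main__":
    import sys
    build = sys.argv[1] if len(sys.argv) > 1 else "2019.2.56594"
    print(build, "->", ", ".join(triage(build)) or "no matching CVE")
```

Run it with the build string shown on the YouTrack About page (`python triage.py 2019.2.56594`). Note the two edge cases the comparison has to get right: a "through" bound is inclusive, so 2019.2.56594 itself is still affected by CVE-2019-16171, and a "2019.2 before ..." sentence says nothing about 2019.1 builds, so a 2019.1 instance is not flagged for CVE-2020-7913 even though it is older than the fix.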