Youtrack Mobile
CVE-2021-43188
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.
AnalysisAI
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. Affected products include: Jetbrains Youtrack Mobile. Version information: before 2021.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Youtrack Mobile
View allIn JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. Rated high severity (CVSS
In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. Rated medium severity (CVSS 5.3), this
JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. Rated medium severity (CVSS
In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. Rated medium severity (CVSS 5.3), thi
In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. Rated medi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today