Skip to main content

Youtrack

113 CVEs product

Monthly

CVE-2020-24618 MEDIUM This Month

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-15823 HIGH This Week

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-15821 MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15820 MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15819 MEDIUM This Month

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15818 MEDIUM This Month

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15817 HIGH This Week

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11693 HIGH This Week

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11692 LOW Monitor

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2020-7913 MEDIUM This Month

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7912 MEDIUM This Month

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-18369 MEDIUM This Month

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-16171 MEDIUM This Month

In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-15040 HIGH This Week

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-14956 MEDIUM This Month

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-15041 MEDIUM This Month

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-14953 MEDIUM This Month

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Youtrack
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14952 MEDIUM This Month

JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12852 CRITICAL Act Now

An SSRF attack was possible on a JetBrains YouTrack server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12867 CRITICAL Act Now

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12866 CRITICAL Act Now

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-12851 HIGH This Week

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-12850 CRITICAL Act Now

A query injection was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Youtrack
NVD
CVSS 3.0
9.8
EPSS
2.1%
EPSS 2% CVSS 6.5
MEDIUM This Month

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 2% CVSS 7.5
HIGH This Week

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 2% CVSS 7.5
HIGH This Week

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 1% CVSS 2.7
LOW Monitor

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
EPSS 1% CVSS 8.8
HIGH This Week

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Youtrack
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Youtrack
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An SSRF attack was possible on a JetBrains YouTrack server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A query injection was possible in JetBrains YouTrack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Youtrack
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy