VYPR

YouTrack

by JetBrains

CVEs (114)

  • CVE-2025-54527 (Jul 28, 2025)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions

  • CVE-2025-53959 (Jul 15, 2025)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

  • CVE-2025-47850 (May 20, 2025)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

  • CVE-2025-48391 (May 20, 2025)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

  • CVE-2025-24458 (Jan 21, 2025)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

  • CVE-2025-24457 (Jan 21, 2025)
    risk 0.00 | cvss | epss 0.01

    In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

  • CVE-2024-54158 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

  • CVE-2024-54157 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.01

    In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

  • CVE-2024-54156 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

  • CVE-2024-54155 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

  • CVE-2024-54154 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.01

    In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

  • CVE-2024-54153 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

  • CVE-2024-50574 (Oct 28, 2024)
    risk 0.00 | cvss | epss 0.01

    In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

  • CVE-2024-49579 (Oct 17, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests

  • CVE-2024-48902 (Oct 10, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

  • CVE-2024-47162 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

  • CVE-2024-47160 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

  • CVE-2024-47159 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project

  • CVE-2024-38506 (Jun 18, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

  • CVE-2024-38505 (Jun 18, 2024)
    risk 0.00 | cvss | epss 0.00

    In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

Page 2 of 6