YouTrack
by JetBrains
CVEs (48)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24457 | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs |
| CVE-2024-54158 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding |
| CVE-2024-54157 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector |
| CVE-2024-54156 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack |
| CVE-2024-54155 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication |
| CVE-2024-54154 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox |
| CVE-2024-54153 | | 0.00 | — | 0.00 | | Dec 4, 2024 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter |
| CVE-2024-50574 | | 0.00 | — | 0.00 | | Oct 28, 2024 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality |
| CVE-2024-49579 | | 0.00 | — | 0.00 | | Oct 17, 2024 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests |
| CVE-2024-48902 | | 0.00 | — | 0.00 | | Oct 10, 2024 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API |
| CVE-2024-47162 | | 0.00 | — | 0.00 | | Sep 19, 2024 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page |
| CVE-2024-47160 | | 0.00 | — | 0.00 | | Sep 19, 2024 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible |
| CVE-2024-47159 | | 0.00 | — | 0.00 | | Sep 19, 2024 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project |
| CVE-2024-38506 | | 0.00 | — | 0.00 | | Jun 18, 2024 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows |
| CVE-2024-38505 | | 0.00 | — | 0.00 | | Jun 18, 2024 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site |
| CVE-2024-38504 | | 0.00 | — | 0.00 | | Jun 18, 2024 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles |
| CVE-2024-35299 | | 0.00 | — | 0.00 | | May 16, 2024 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation |
| CVE-2024-28230 | | 0.00 | — | 0.00 | | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions |
| CVE-2024-28229 | | 0.00 | — | 0.00 | | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles |
| CVE-2024-28228 | | 0.00 | — | 0.00 | | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible |
Page 2 of 3