YouTrack
by JetBrains
CVEs (114)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43190 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. |
| CVE-2021-43192 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. |
| CVE-2021-43191 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | JetBrains YouTrack Mobile before 2021.2 is missing the security screen on Android and iOS. |
| CVE-2021-43184 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. |
| CVE-2021-43185 | | | 0.00 | — | 0.02 | | Nov 9, 2021 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. |
| CVE-2021-43186 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. |
| CVE-2021-37554 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
| CVE-2021-37553 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| CVE-2021-37551 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| CVE-2021-37552 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| CVE-2021-37550 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| CVE-2021-37549 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| CVE-2021-31905 | | | 0.00 | — | 0.02 | | May 11, 2021 | In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. |
| CVE-2021-31902 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. |
| CVE-2021-31903 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. |
| CVE-2021-27733 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. |
| CVE-2021-25771 | | | 0.00 | — | 0.02 | | Feb 3, 2021 | In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. |
| CVE-2021-25770 | | | 0.00 | — | 0.03 | | Feb 3, 2021 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. |
| CVE-2021-25769 | | | 0.00 | — | 0.02 | | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. |
| CVE-2021-25768 | | | 0.00 | — | 0.01 | | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. |