VYPR

Youtrack

by Jetbrains

CVEs (114)

  • CVE-2021-43190Nov 9, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.

  • CVE-2021-43192Nov 9, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.

  • CVE-2021-43191Nov 9, 2021
    risk 0.00cvss epss 0.01

    JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.

  • CVE-2021-43184Nov 9, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

  • CVE-2021-43185Nov 9, 2021
    risk 0.00cvss epss 0.02

    JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

  • CVE-2021-43186Nov 9, 2021
    risk 0.00cvss epss 0.01

    JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

  • CVE-2021-37554Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

  • CVE-2021-37553Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

  • CVE-2021-37551Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

  • CVE-2021-37552Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

  • CVE-2021-37550Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

  • CVE-2021-37549Aug 6, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

  • CVE-2021-31905May 11, 2021
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

  • CVE-2021-31902May 11, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

  • CVE-2021-31903May 11, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

  • CVE-2021-27733May 11, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

  • CVE-2021-25771Feb 3, 2021
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.

  • CVE-2021-25770Feb 3, 2021
    risk 0.00cvss epss 0.03

    In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

  • CVE-2021-25769Feb 3, 2021
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

  • CVE-2021-25768Feb 3, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

Page 4 of 6