Youtrack
by Jetbrains
CVEs (114)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25767 | 0.00 | — | 0.03 | Feb 3, 2021 | In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. | |||
| CVE-2021-25766 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. | |||
| CVE-2020-25208 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | |||
| CVE-2021-25765 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | |||
| CVE-2020-27624 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | |||
| CVE-2020-27625 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | |||
| CVE-2020-27626 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | |||
| CVE-2020-25209 | 0.00 | — | 0.02 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | |||
| CVE-2020-24366 | 0.00 | — | 0.00 | Nov 16, 2020 | Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. | |||
| CVE-2020-25210 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | |||
| CVE-2020-15822 | 0.00 | — | 0.01 | Oct 19, 2020 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | |||
| CVE-2020-24618 | 0.00 | — | 0.02 | Aug 27, 2020 | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. | |||
| CVE-2020-15823 | 0.00 | — | 0.02 | Aug 8, 2020 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | |||
| CVE-2020-15821 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | |||
| CVE-2020-15820 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | |||
| CVE-2020-15819 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | |||
| CVE-2020-15817 | 0.00 | — | 0.02 | Aug 8, 2020 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | |||
| CVE-2020-15818 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | |||
| CVE-2020-11693 | 0.00 | — | 0.02 | Apr 22, 2020 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | |||
| CVE-2020-11692 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. |
- CVE-2021-25767Feb 3, 2021risk 0.00cvss —epss 0.03
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
- CVE-2021-25766Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
- CVE-2020-25208Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
- CVE-2021-25765Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
- CVE-2020-27624Nov 16, 2020risk 0.00cvss —epss 0.01
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
- CVE-2020-27625Nov 16, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
- CVE-2020-27626Nov 16, 2020risk 0.00cvss —epss 0.01
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
- CVE-2020-25209Nov 16, 2020risk 0.00cvss —epss 0.02
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
- CVE-2020-24366Nov 16, 2020risk 0.00cvss —epss 0.00
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
- CVE-2020-25210Nov 16, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
- CVE-2020-15822Oct 19, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
- CVE-2020-24618Aug 27, 2020risk 0.00cvss —epss 0.02
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
- CVE-2020-15823Aug 8, 2020risk 0.00cvss —epss 0.02
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
- CVE-2020-15821Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
- CVE-2020-15820Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
- CVE-2020-15819Aug 8, 2020risk 0.00cvss —epss 0.01
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
- CVE-2020-15817Aug 8, 2020risk 0.00cvss —epss 0.02
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
- CVE-2020-15818Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
- CVE-2020-11693Apr 22, 2020risk 0.00cvss —epss 0.02
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
- CVE-2020-11692Apr 22, 2020risk 0.00cvss —epss 0.01
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
Page 5 of 6