VYPR

Youtrack

by Jetbrains

CVEs (114)

  • CVE-2021-25767Feb 3, 2021
    risk 0.00cvss epss 0.03

    In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

  • CVE-2021-25766Feb 3, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

  • CVE-2020-25208Feb 3, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

  • CVE-2021-25765Feb 3, 2021
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

  • CVE-2020-27624Nov 16, 2020
    risk 0.00cvss epss 0.01

    JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

  • CVE-2020-27625Nov 16, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

  • CVE-2020-27626Nov 16, 2020
    risk 0.00cvss epss 0.01

    JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

  • CVE-2020-25209Nov 16, 2020
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

  • CVE-2020-24366Nov 16, 2020
    risk 0.00cvss epss 0.00

    Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

  • CVE-2020-25210Nov 16, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

  • CVE-2020-15822Oct 19, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

  • CVE-2020-24618Aug 27, 2020
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

  • CVE-2020-15823Aug 8, 2020
    risk 0.00cvss epss 0.02

    JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

  • CVE-2020-15821Aug 8, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

  • CVE-2020-15820Aug 8, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

  • CVE-2020-15819Aug 8, 2020
    risk 0.00cvss epss 0.01

    JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

  • CVE-2020-15817Aug 8, 2020
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.

  • CVE-2020-15818Aug 8, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

  • CVE-2020-11693Apr 22, 2020
    risk 0.00cvss epss 0.02

    JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

  • CVE-2020-11692Apr 22, 2020
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

Page 5 of 6