Youtrack CVEs and Security Vulnerabilities

Filtered by vendor Jetbrains Subscriptions

Filtered by product Youtrack Subscriptions

Search

Switch to Advanced Search (Beta)

Total 92 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-28650	1 Jetbrains	1 Youtrack	2024-11-21	7.3 High
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVE-2022-28649	1 Jetbrains	1 Youtrack	2024-11-21	4.6 Medium
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
CVE-2022-28648	1 Jetbrains	1 Youtrack	2024-11-21	5.7 Medium
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVE-2022-24442	1 Jetbrains	1 Youtrack	2024-11-21	9.8 Critical
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2022-24347	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
CVE-2022-24344	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
CVE-2022-24343	1 Jetbrains	1 Youtrack	2024-11-21	4.3 Medium
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
CVE-2021-43186	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
CVE-2021-43185	1 Jetbrains	1 Youtrack	2024-11-21	9.8 Critical
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
CVE-2021-43184	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
CVE-2021-37554	1 Jetbrains	1 Youtrack	2024-11-21	4.3 Medium
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
CVE-2021-37553	1 Jetbrains	1 Youtrack	2024-11-21	7.5 High
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-37552	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-37551	1 Jetbrains	1 Youtrack	2024-11-21	5.3 Medium
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
CVE-2021-37550	1 Jetbrains	1 Youtrack	2024-11-21	7.5 High
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
CVE-2021-37549	1 Jetbrains	1 Youtrack	2024-11-21	9.1 Critical
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
CVE-2021-31905	1 Jetbrains	1 Youtrack	2024-11-21	7.5 High
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
CVE-2021-31903	1 Jetbrains	1 Youtrack	2024-11-21	6.1 Medium
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
CVE-2021-31902	1 Jetbrains	1 Youtrack	2024-11-21	7.5 High
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
CVE-2021-27733	1 Jetbrains	1 Youtrack	2024-11-21	5.4 Medium
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

« first previous Page 2 of 5. next last »