Filtered by vendor Jetbrains
Subscriptions
Filtered by product Youtrack
Subscriptions
Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15820 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | ||||
| CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | ||||
| CVE-2020-15818 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | ||||
| CVE-2020-15817 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | ||||
| CVE-2020-11693 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | ||||
| CVE-2020-11692 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 2.7 Low |
| In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | ||||
| CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | ||||
| CVE-2019-16171 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | ||||
| CVE-2019-15041 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | ||||
| CVE-2019-15040 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | ||||
| CVE-2019-14956 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | ||||
| CVE-2019-14953 | 2 Jetbrains, Mozilla | 2 Youtrack, Firefox | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | ||||
| CVE-2019-14952 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | ||||
| CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
| CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | ||||
| CVE-2019-12851 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | ||||
| CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | ||||
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | 8.1 High |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | ||||
| CVE-2024-50575 | 1 Jetbrains | 1 Youtrack | 2024-10-29 | 4.6 Medium |
| In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | ||||