Filtered by vendor Jetbrains
Subscriptions
Filtered by product Youtrack
Subscriptions
Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | ||||
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 8 High |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | ||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | ||||
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 3.5 Low |
| In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | ||||
| CVE-2024-54157 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 4.3 Medium |
| In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | ||||
| CVE-2024-54156 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 4.2 Medium |
| In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | ||||
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 7.1 High |
| In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | ||||
| CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 5.5 Medium |
| In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | ||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | 5.9 Medium |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | ||||
| CVE-2023-35053 | 1 Jetbrains | 1 Youtrack | 2025-01-03 | 7.5 High |
| In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | ||||
| CVE-2023-35054 | 1 Jetbrains | 1 Youtrack | 2025-01-03 | 4.6 Medium |
| In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible | ||||
| CVE-2024-28228 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 5.3 Medium |
| In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | ||||
| CVE-2024-28229 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | ||||
| CVE-2024-28230 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | ||||
| CVE-2024-38506 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.3 Medium |
| In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | ||||
| CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | ||||
| CVE-2024-38504 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | ||||
| CVE-2024-22370 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.6 Medium |
| In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | ||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | ||||
| CVE-2023-38068 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.5 Medium |
| In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms | ||||