Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-28 | CVE-2024-50581 | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50582 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | Youtrack | 5.4 | ||
| 2024-10-10 | CVE-2024-48902 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | Youtrack | 5.4 | ||
| 2024-09-19 | CVE-2024-47160 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | Youtrack | 5.3 | ||
| 2024-09-19 | CVE-2024-47159 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | Youtrack | 4.3 | ||
| 2024-09-19 | CVE-2024-47162 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | Youtrack | 5.3 | ||
| 2020-04-22 | CVE-2020-11693 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | Youtrack | 7.5 | ||
| 2020-04-22 | CVE-2020-11692 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | Youtrack | N/A | ||
| 2019-10-31 | CVE-2019-18369 | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-15041 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | Youtrack | N/A |