Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-18 | CVE-2024-38505 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | Youtrack | 7.5 | ||
| 2024-06-18 | CVE-2024-38506 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | Youtrack | 8.1 | ||
| 2024-10-17 | CVE-2024-49579 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50574 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | Youtrack | 7.5 | ||
| 2024-10-28 | CVE-2024-50575 | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50576 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50577 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50578 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50579 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50580 | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | Youtrack | 5.4 |