Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-15 | CVE-2023-50871 | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | Youtrack | 4.3 | ||
| 2024-01-09 | CVE-2024-22370 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | Youtrack | 5.4 | ||
| 2024-06-18 | CVE-2024-38504 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | Youtrack | 5.3 | ||
| 2024-06-18 | CVE-2024-38505 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | Youtrack | 7.5 | ||
| 2024-06-18 | CVE-2024-38506 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | Youtrack | 8.1 | ||
| 2024-10-17 | CVE-2024-49579 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50574 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | Youtrack | 7.5 | ||
| 2024-10-28 | CVE-2024-50575 | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50576 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50577 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | Youtrack | 5.4 |