Note: This project will be discontinued after December 13, 2021.
Product: Youtrack (Jetbrains)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 92 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-12-04 | CVE-2024-54153 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | Youtrack | 6.5 | ||
2024-12-04 | CVE-2024-54154 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | Youtrack | 9.8 | ||
2024-12-04 | CVE-2024-54155 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | Youtrack | 5.3 | ||
2024-12-04 | CVE-2024-54156 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | Youtrack | 6.5 | ||
2024-12-04 | CVE-2024-54157 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | Youtrack | 6.5 | ||
2024-12-04 | CVE-2024-54158 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | Youtrack | 5.3 | ||
2025-01-21 | CVE-2025-24457 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | Youtrack | 5.5 | ||
2025-01-21 | CVE-2025-24458 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | Youtrack | 7.8 | ||
2024-05-16 | CVE-2024-35299 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | Youtrack | 7.5 | ||
2024-03-07 | CVE-2024-28228 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | Youtrack | 5.3 | ||