Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-02 | CVE-2019-16171 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | Youtrack | N/A | ||
| 2019-10-02 | CVE-2019-15040 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | Youtrack | N/A | ||
| 2019-10-02 | CVE-2019-14956 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-14953 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-14952 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | Youtrack | N/A | ||
| 2019-07-03 | CVE-2019-12867 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | Youtrack | 9.8 | ||
| 2019-07-03 | CVE-2019-12866 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | Youtrack | 9.8 | ||
| 2019-07-03 | CVE-2019-12852 | An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | Youtrack | 9.8 | ||
| 2019-07-03 | CVE-2019-12851 | A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | Youtrack | 8.8 | ||
| 2019-07-03 | CVE-2019-12850 | A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | Youtrack | 9.8 |