Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-22 | CVE-2020-11692 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | Youtrack | N/A | ||
| 2019-10-31 | CVE-2019-18369 | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-15041 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | Youtrack | N/A | ||
| 2019-10-02 | CVE-2019-16171 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | Youtrack | N/A | ||
| 2019-10-02 | CVE-2019-15040 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | Youtrack | N/A | ||
| 2019-10-02 | CVE-2019-14956 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-14953 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | Youtrack | N/A | ||
| 2019-10-01 | CVE-2019-14952 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | Youtrack | N/A | ||
| 2019-07-03 | CVE-2019-12867 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | Youtrack | 9.8 | ||
| 2019-07-03 | CVE-2019-12866 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | Youtrack | 9.8 |