Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetbrains youtrack vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-12850
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
Jetbrains Youtrack
6.8
CVSSv2
CVE-2019-12851
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
Jetbrains Youtrack
7.5
CVSSv2
CVE-2019-12852
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
Jetbrains Youtrack
7.5
CVSSv2
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Jetbrains Youtrack
7.5
CVSSv2
CVE-2019-12867
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Jetbrains Youtrack
4
CVSSv2
CVE-2020-24618
In JetBrains YouTrack versions prior to 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28648
In JetBrains YouTrack prior to 2022.1.43563 HTML code from the issue description was being rendered
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28649
In JetBrains YouTrack prior to 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28650
In JetBrains YouTrack prior to 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
Jetbrains Youtrack
4.3
CVSSv2
CVE-2019-14952
JetBrains YouTrack versions prior to 2019.1.52584 had a possible XSS in the issue titles.
Jetbrains Youtrack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »