youtrack vulnerabilities and exploits
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names....
Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system....
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence....
1 Github repository available
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168....
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168....
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible....
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles....
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators....
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component....
2 Github repositories available
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups....