Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
youtrack vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24442
JetBrains YouTrack prior to 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Jetbrains Youtrack
1 Github repository
5.3
CVSSv3
CVE-2021-25768
In JetBrains YouTrack prior to 2020.4.4701, permissions for attachments actions were checked improperly.
Jetbrains Youtrack
9.8
CVSSv3
CVE-2021-25770
In JetBrains YouTrack prior to 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
Jetbrains Youtrack
2 Github repositories
3.3
CVSSv3
CVE-2020-24366
Sensitive information could be disclosed in the JetBrains YouTrack application prior to 2020.2.0 for Android via application backups.
Jetbrains Youtrack
6.5
CVSSv3
CVE-2020-24618
In JetBrains YouTrack versions prior to 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
Jetbrains Youtrack
5.3
CVSSv3
CVE-2020-25208
In JetBrains YouTrack prior to 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
Jetbrains Youtrack
7.5
CVSSv3
CVE-2020-25209
In JetBrains YouTrack prior to 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
Jetbrains Youtrack
5.3
CVSSv3
CVE-2020-7912
In JetBrains YouTrack prior to 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
Jetbrains Youtrack
6.1
CVSSv3
CVE-2020-7913
JetBrains YouTrack 2019.2 prior to 2019.2.59309 was vulnerable to XSS via an issue description.
Jetbrains Youtrack
5.3
CVSSv3
CVE-2021-37551
In JetBrains YouTrack prior to 2021.2.16363, system user passwords were hashed with SHA-256.
Jetbrains Youtrack
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »