JetBrains YouTrack versions prior to 2019.1 had a CSRF vulnerability on the settings page.
jetbrains youtrack