In JetBrains YouTrack prior to 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
jetbrains youtrack