cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Jetbrains (b1b7db7a-bd16-5477-8e89-fb64c5636fcd) |
|---|---|
| Product | Youtrack (75ca2499-b4dd-5471-bda1-859d3b944d4d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-49386 | vulnerable | 2026-06-03 15:26:24.136777 | MEDIUM (6.5) · In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas · Published: 2026-05-29T18:15:54.714Z · Updated: 2026-05-29T19:03:55.994Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-49385 | vulnerable | 2026-06-03 15:26:24.136547 | MEDIUM (6.5) · In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts · Published: 2026-05-29T18:15:54.342Z · Updated: 2026-05-29T19:27:11.563Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-49370 | vulnerable | 2026-06-03 15:26:24.129166 | LOW (3.4) · In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests · Published: 2026-05-29T18:15:47.385Z · Updated: 2026-05-29T19:30:39.849Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-49369 | vulnerable | 2026-06-03 15:26:24.128918 | MEDIUM (4.3) · In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages · Published: 2026-05-29T18:15:46.993Z · Updated: 2026-05-29T19:30:54.245Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-49368 | vulnerable | 2026-06-03 15:26:24.128611 | HIGH (8.7) · In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible · Published: 2026-05-29T18:15:46.548Z · Updated: 2026-05-29T19:31:08.334Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-33392 | vulnerable | 2026-06-03 15:20:44.752345 | HIGH (7.2) · In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass · Published: 2026-04-17T07:46:11.710Z · Updated: 2026-04-18T03:55:54.262Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-28193 | vulnerable | 2026-06-03 15:18:08.124693 | HIGH (8.8) · In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint · Published: 2026-02-25T12:57:27.463Z · Updated: 2026-02-26T14:44:06.777Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-25846 | vulnerable | 2026-06-03 15:18:04.384407 | MEDIUM (6.5) · In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs · Published: 2026-02-09T10:38:59.786Z · Updated: 2026-02-09T13:46:19.192Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-64773 | vulnerable | 2026-06-03 15:09:39.788801 | LOW (2.7) · In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit · Published: 2025-11-11T15:23:19.653Z · Updated: 2025-12-11T19:00:41.658Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-64685 | vulnerable | 2026-06-03 15:09:39.666563 | HIGH (8.1) · In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure · Published: 2025-11-10T13:27:58.093Z · Updated: 2026-02-26T17:47:05.797Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-64684 | vulnerable | 2026-06-03 15:09:39.665696 | MEDIUM (4.5) · In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form · Published: 2025-11-10T13:27:57.428Z · Updated: 2025-11-10T14:50:23.510Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-57731 | vulnerable | 2026-06-03 15:04:59.917486 | HIGH (8.7) · In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content · Published: 2025-08-20T09:13:59.700Z · Updated: 2025-08-20T15:25:43.894Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54527 | vulnerable | 2026-06-03 15:04:56.246867 | MEDIUM (6.1) · In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions · Published: 2025-07-28T16:20:38.600Z · Updated: 2025-07-28T17:26:29.884Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53959 | vulnerable | 2026-06-03 15:03:55.385262 | HIGH (7.6) · In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible · Published: 2025-07-15T16:26:57.469Z · Updated: 2025-07-15T17:21:45.428Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-48391 | vulnerable | 2026-06-03 15:01:34.570195 | HIGH (7.7) · In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API · Published: 2025-05-20T17:37:42.265Z · Updated: 2025-05-20T17:51:27.480Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-47850 | vulnerable | 2026-06-03 15:01:33.450845 | MEDIUM (4.3) · In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning · Published: 2025-05-20T17:37:43.234Z · Updated: 2025-05-20T17:51:14.017Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-24458 | vulnerable | 2026-06-03 14:59:56.035209 | HIGH (7.1) · In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration · Published: 2025-01-21T17:23:18.934Z · Updated: 2025-01-21T18:41:51.242Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-24457 | vulnerable | 2026-06-03 14:59:56.034768 | MEDIUM (5.5) · In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs · Published: 2025-01-21T17:23:18.057Z · Updated: 2025-01-21T18:41:57.529Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54158 | vulnerable | 2026-06-03 14:57:40.859789 | LOW (3.5) · In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding · Published: 2024-12-04T11:16:27.904Z · Updated: 2024-12-04T14:09:10.593Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54157 | vulnerable | 2026-06-03 14:57:40.859390 | MEDIUM (4.3) · In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector · Published: 2024-12-04T11:16:27.323Z · Updated: 2024-12-04T14:09:10.737Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54156 | vulnerable | 2026-06-03 14:57:40.859125 | MEDIUM (4.2) · In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack · Published: 2024-12-04T11:16:26.573Z · Updated: 2024-12-04T14:09:10.904Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54155 | vulnerable | 2026-06-03 14:57:40.858851 | LOW (3.7) · In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication · Published: 2024-12-04T11:16:25.997Z · Updated: 2024-12-04T14:09:11.056Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54154 | vulnerable | 2026-06-03 14:57:40.858549 | HIGH (8) · In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox · Published: 2024-12-04T11:16:25.244Z · Updated: 2024-12-04T14:25:35.177Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-54153 | vulnerable | 2026-06-03 14:57:40.858166 | LOW (3.1) · In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter · Published: 2024-12-04T11:16:24.494Z · Updated: 2024-12-04T14:09:11.280Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50582 | vulnerable | 2026-06-03 14:57:25.150737 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements · Published: 2024-10-28T12:55:52.421Z · Updated: 2024-10-28T13:31:11.906Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50581 | vulnerable | 2026-06-03 14:57:25.150349 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag · Published: 2024-10-28T12:55:51.788Z · Updated: 2024-10-28T13:31:49.694Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50580 | vulnerable | 2026-06-03 14:57:25.150054 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule · Published: 2024-10-28T12:55:51.207Z · Updated: 2024-10-28T13:32:21.965Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50579 | vulnerable | 2026-06-03 14:57:25.149756 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible · Published: 2024-10-28T12:55:50.677Z · Updated: 2024-10-28T13:33:01.475Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50578 | vulnerable | 2026-06-03 14:57:25.149459 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page · Published: 2024-10-28T12:55:50.126Z · Updated: 2024-10-28T13:33:25.750Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50577 | vulnerable | 2026-06-03 14:57:25.149147 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings · Published: 2024-10-28T12:55:49.589Z · Updated: 2024-10-28T13:33:53.241Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50576 | vulnerable | 2026-06-03 14:57:25.148739 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest · Published: 2024-10-28T12:55:49.017Z · Updated: 2024-10-28T13:34:14.037Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50575 | vulnerable | 2026-06-03 14:57:25.148405 | MEDIUM (4.6) · In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API · Published: 2024-10-28T12:55:48.376Z · Updated: 2024-10-28T13:40:23.900Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50574 | vulnerable | 2026-06-03 14:57:25.148031 | MEDIUM (5.3) · In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality · Published: 2024-10-28T12:55:47.446Z · Updated: 2024-10-28T13:41:57.123Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-49579 | vulnerable | 2026-06-03 14:57:12.721293 | HIGH (8.1) · In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests · Published: 2024-10-17T13:00:15.587Z · Updated: 2024-10-17T14:00:40.770Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-48902 | vulnerable | 2026-06-03 14:57:11.013491 | MEDIUM (5.4) · In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API · Published: 2024-10-10T10:34:39.436Z · Updated: 2024-10-10T13:44:30.364Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47162 | vulnerable | 2026-06-03 14:57:00.773691 | MEDIUM (4.1) · In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page · Published: 2024-09-19T17:20:22.288Z · Updated: 2024-09-19T17:58:06.239Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47160 | vulnerable | 2026-06-03 14:57:00.772049 | MEDIUM (4.3) · In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible · Published: 2024-09-19T17:20:21.734Z · Updated: 2024-09-19T18:01:00.797Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47159 | vulnerable | 2026-06-03 14:57:00.771656 | MEDIUM (4.3) · In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project · Published: 2024-09-19T17:20:21.066Z · Updated: 2024-09-19T18:01:19.913Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38506 | vulnerable | 2026-06-03 14:56:18.830099 | MEDIUM (6.3) · In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows · Published: 2024-06-18T10:42:07.422Z · Updated: 2024-08-02T04:12:24.728Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38505 | vulnerable | 2026-06-03 14:56:18.829647 | MEDIUM (5.3) · In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site · Published: 2024-06-18T10:42:07.098Z · Updated: 2024-08-02T04:12:24.797Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38504 | vulnerable | 2026-06-03 14:56:18.829132 | MEDIUM (4.3) · In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles · Published: 2024-06-18T10:42:06.643Z · Updated: 2024-08-02T04:12:25.213Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-35299 | vulnerable | 2026-06-03 14:55:56.041557 | MEDIUM (5.9) · In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation · Published: 2024-05-16T10:31:58.950Z · Updated: 2024-08-02T03:07:47.059Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28230 | vulnerable | 2026-06-03 14:55:25.333889 | MEDIUM (6.5) · In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions · Published: 2024-03-07T11:40:00.296Z · Updated: 2024-08-02T00:48:49.436Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28229 | vulnerable | 2026-06-03 14:55:25.333580 | MEDIUM (6.5) · In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles · Published: 2024-03-07T11:39:59.851Z · Updated: 2025-04-16T15:52:17.045Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28228 | vulnerable | 2026-06-03 14:55:25.333184 | MEDIUM (5.3) · In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible · Published: 2024-03-07T11:39:59.443Z · Updated: 2024-08-27T16:35:50.911Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-22370 | vulnerable | 2026-06-03 14:55:00.517176 | MEDIUM (4.6) · In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible · Published: 2024-01-09T09:48:57.964Z · Updated: 2025-06-17T20:59:11.270Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-50871 | vulnerable | 2026-06-03 14:53:31.621977 | MEDIUM (4.3) · In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed · Published: 2023-12-15T13:48:13.458Z · Updated: 2024-08-02T22:23:43.874Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-38068 | vulnerable | 2026-06-03 14:52:30.267713 | MEDIUM (6.5) · In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms · Published: 2023-07-12T12:48:22.777Z · Updated: 2024-11-07T17:00:22.476Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-35054 | vulnerable | 2026-06-03 14:52:17.659294 | MEDIUM (4.6) · In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible · Published: 2023-06-12T15:46:04.704Z · Updated: 2025-01-03T21:14:36.023Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-35053 | vulnerable | 2026-06-03 14:52:17.658785 | HIGH (7.5) · In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms · Published: 2023-06-12T15:46:04.269Z · Updated: 2025-01-03T21:15:22.565Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-28650 | vulnerable | 2026-06-03 14:46:55.150417 | HIGH (7.3) · In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI · Published: 2022-04-05T17:55:20.000Z · Updated: 2024-08-03T05:56:16.394Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-28649 | vulnerable | 2026-06-03 14:46:55.150103 | MEDIUM (4.6) · In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description · Published: 2022-04-05T17:55:18.000Z · Updated: 2024-08-03T05:56:16.466Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-28648 | vulnerable | 2026-06-03 14:46:55.149694 | MEDIUM (5.7) · In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered · Published: 2022-04-05T17:55:17.000Z · Updated: 2024-08-03T05:56:16.455Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-24442 | vulnerable | 2026-06-03 14:46:30.254618 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. · Published: 2022-02-25T20:01:35.000Z · Updated: 2024-08-03T04:13:55.649Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-24347 | vulnerable | 2026-06-03 14:46:29.848562 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. · Published: 2022-02-25T14:36:08.000Z · Updated: 2024-08-03T04:07:02.562Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-24344 | vulnerable | 2026-06-03 14:46:29.846548 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. · Published: 2022-02-25T14:35:56.000Z · Updated: 2024-08-03T04:07:02.535Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-24343 | vulnerable | 2026-06-03 14:46:29.846131 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. · Published: 2022-02-25T14:35:52.000Z · Updated: 2024-08-03T04:07:02.518Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-43186 | vulnerable | 2026-06-03 14:45:33.764386 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. · Published: 2021-11-09T14:25:45.000Z · Updated: 2024-08-04T03:47:13.590Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-43185 | vulnerable | 2026-06-03 14:45:33.764090 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. · Published: 2021-11-09T14:32:04.000Z · Updated: 2024-08-04T03:47:13.604Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-43184 | vulnerable | 2026-06-03 14:45:33.763700 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. · Published: 2021-11-09T14:33:39.000Z · Updated: 2024-08-04T03:47:13.610Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37554 | vulnerable | 2026-06-03 14:45:00.744241 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. · Published: 2021-08-06T13:32:19.000Z · Updated: 2024-08-04T01:22:59.374Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37553 | vulnerable | 2026-06-03 14:45:00.743975 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. · Published: 2021-08-06T13:31:50.000Z · Updated: 2024-08-04T01:23:01.508Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37552 | vulnerable | 2026-06-03 14:45:00.743721 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. · Published: 2021-08-06T13:30:39.000Z · Updated: 2024-08-04T01:23:01.362Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37551 | vulnerable | 2026-06-03 14:45:00.743466 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. · Published: 2021-08-06T13:31:20.000Z · Updated: 2024-08-04T01:23:01.266Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37550 | vulnerable | 2026-06-03 14:45:00.743163 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. · Published: 2021-08-06T13:29:57.000Z · Updated: 2024-08-04T01:23:01.200Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-37549 | vulnerable | 2026-06-03 14:45:00.742787 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. · Published: 2021-08-06T13:26:43.000Z · Updated: 2024-08-04T01:23:01.218Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-31905 | vulnerable | 2026-06-03 14:44:33.970056 | In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. · Published: 2021-05-11T11:40:48.000Z · Updated: 2024-08-03T23:10:30.761Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-31903 | vulnerable | 2026-06-03 14:44:33.968300 | In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. · Published: 2021-05-11T11:37:43.000Z · Updated: 2024-08-03T23:10:31.038Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-31902 | vulnerable | 2026-06-03 14:44:33.967909 | In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. · Published: 2021-05-11T11:38:49.000Z · Updated: 2024-08-03T23:10:30.870Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-27733 | vulnerable | 2026-06-03 14:44:16.515832 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. · Published: 2021-05-11T11:35:36.000Z · Updated: 2024-08-03T21:26:10.811Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25771 | vulnerable | 2026-06-03 14:44:05.837143 | In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. · Published: 2021-02-03T15:32:02.000Z · Updated: 2024-08-03T20:11:27.844Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25770 | vulnerable | 2026-06-03 14:44:05.836734 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. · Published: 2021-02-03T15:31:27.000Z · Updated: 2024-08-03T20:11:27.963Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25769 | vulnerable | 2026-06-03 14:44:05.836439 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. · Published: 2021-02-03T15:30:34.000Z · Updated: 2024-08-03T20:11:28.165Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25768 | vulnerable | 2026-06-03 14:44:05.836124 | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. · Published: 2021-02-03T15:29:50.000Z · Updated: 2024-08-03T20:11:28.299Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25767 | vulnerable | 2026-06-03 14:44:05.835830 | In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. · Published: 2021-02-03T15:29:04.000Z · Updated: 2024-08-03T20:11:27.626Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25766 | vulnerable | 2026-06-03 14:44:05.835487 | In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. · Published: 2021-02-03T15:28:37.000Z · Updated: 2024-08-03T20:11:27.915Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25765 | vulnerable | 2026-06-03 14:44:05.835101 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. · Published: 2021-02-03T15:26:18.000Z · Updated: 2024-08-03T20:11:28.083Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-7913 | vulnerable | 2026-06-03 14:43:07.719641 | JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. · Published: 2020-01-30T17:17:39.000Z · Updated: 2024-08-04T09:48:23.899Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-7912 | vulnerable | 2026-06-03 14:43:07.719254 | In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. · Published: 2020-01-30T17:16:26.000Z · Updated: 2024-08-04T09:48:23.902Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-27626 | vulnerable | 2026-06-03 14:42:18.241901 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. · Published: 2020-11-16T14:58:33.000Z · Updated: 2024-08-04T16:18:45.415Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-27625 | vulnerable | 2026-06-03 14:42:18.241611 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. · Published: 2020-11-16T14:59:02.000Z · Updated: 2024-08-04T16:18:45.402Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-27624 | vulnerable | 2026-06-03 14:42:18.241258 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. · Published: 2020-11-16T14:59:42.000Z · Updated: 2024-08-04T16:18:45.542Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-25210 | vulnerable | 2026-06-03 14:42:08.905779 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. · Published: 2020-11-16T14:45:46.000Z · Updated: 2024-08-04T15:33:04.376Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-25209 | vulnerable | 2026-06-03 14:42:08.905506 | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. · Published: 2020-11-16T14:56:56.000Z · Updated: 2024-08-04T15:33:05.387Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-25208 | vulnerable | 2026-06-03 14:42:08.905221 | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. · Published: 2021-02-03T15:27:12.000Z · Updated: 2024-08-04T15:33:05.403Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-24618 | vulnerable | 2026-06-03 14:42:07.830132 | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. · Published: 2020-08-27T19:48:08.000Z · Updated: 2024-08-04T15:19:09.034Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15823 | vulnerable | 2026-06-03 14:41:46.729755 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. · Published: 2020-08-08T20:17:00.000Z · Updated: 2024-08-04T13:30:21.898Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15822 | vulnerable | 2026-06-03 14:41:46.729478 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. · Published: 2020-10-19T18:45:49.000Z · Updated: 2024-08-04T13:30:21.844Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15821 | vulnerable | 2026-06-03 14:41:46.729211 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. · Published: 2020-08-08T20:15:24.000Z · Updated: 2024-08-04T13:30:22.818Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15820 | vulnerable | 2026-06-03 14:41:46.728916 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. · Published: 2020-08-08T20:08:41.000Z · Updated: 2024-08-04T13:30:22.484Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15819 | vulnerable | 2026-06-03 14:41:46.728618 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. · Published: 2020-08-08T20:07:14.000Z · Updated: 2024-08-04T13:30:22.577Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15818 | vulnerable | 2026-06-03 14:41:46.728292 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. · Published: 2020-08-08T20:03:57.000Z · Updated: 2024-08-04T13:30:22.365Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15817 | vulnerable | 2026-06-03 14:41:46.727902 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. · Published: 2020-08-08T20:05:37.000Z · Updated: 2024-08-04T13:30:22.383Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-11693 | vulnerable | 2026-06-03 14:41:26.506128 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. · Published: 2020-04-22T13:52:44.000Z · Updated: 2024-08-04T11:35:13.850Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-11692 | vulnerable | 2026-06-03 14:41:26.505763 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. · Published: 2020-04-22T13:52:43.000Z · Updated: 2024-08-04T11:35:13.667Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-18369 | vulnerable | 2026-06-03 14:39:57.225191 | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. · Published: 2019-10-31T15:25:56.000Z · Updated: 2024-08-05T01:54:14.047Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-16171 | vulnerable | 2026-06-03 14:39:53.963728 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. · Published: 2019-10-02T18:24:00.000Z · Updated: 2024-08-05T01:10:41.408Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-15041 | vulnerable | 2026-06-03 14:39:46.993664 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. · Published: 2019-10-01T19:35:41.000Z · Updated: 2024-08-05T00:34:53.109Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-15040 | vulnerable | 2026-06-03 14:39:46.993400 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. · Published: 2019-10-02T18:32:50.000Z · Updated: 2024-08-05T00:34:53.139Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-14956 | vulnerable | 2026-06-03 14:39:46.887502 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. · Published: 2019-10-02T18:41:19.000Z · Updated: 2024-08-05T00:34:53.157Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-14953 | vulnerable | 2026-06-03 14:39:46.883832 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. · Published: 2019-10-01T15:48:39.000Z · Updated: 2024-08-05T00:34:52.705Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-14952 | vulnerable | 2026-06-03 14:39:46.883489 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. · Published: 2019-10-01T13:24:20.000Z · Updated: 2024-08-05T00:34:52.895Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12867 | vulnerable | 2026-06-03 14:39:36.217774 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. · Published: 2019-07-03T18:24:45.000Z · Updated: 2024-08-04T23:32:55.532Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12866 | vulnerable | 2026-06-03 14:39:36.217509 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. · Published: 2019-07-03T18:28:18.000Z · Updated: 2024-08-04T23:32:55.513Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12852 | vulnerable | 2026-06-03 14:39:36.211056 | An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. · Published: 2019-07-03T19:48:11.000Z · Updated: 2024-08-04T23:32:55.487Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12851 | vulnerable | 2026-06-03 14:39:36.210762 | A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. · Published: 2019-07-03T18:18:50.000Z · Updated: 2024-08-04T23:32:55.516Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12850 | vulnerable | 2026-06-03 14:39:36.210386 | A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. · Published: 2019-07-03T18:21:51.000Z · Updated: 2024-08-04T23:32:55.457Z | Imported from gcve-enriched-dumps CVE data |