Vulnerabilities > CVE-2019-14956 - Improper Preservation of Permissions vulnerability in Jetbrains Youtrack

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jetbrains

CWE-281

NVD

Published: 2019-10-02

Updated: 2019-10-03

Summary

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Youtrack 2.2.1 Jetbrains Youtrack 2.19.2.65515 Jetbrains Youtrack 3.3 Jetbrains Youtrack 4.2.4 Jetbrains Youtrack 5.2.5 Jetbrains Youtrack 6.0.12124 Jetbrains Youtrack 6.0.12634 Jetbrains Youtrack 6.5.17031 Jetbrains Youtrack 6.5.17057 Jetbrains Youtrack 6.5.17105 Jetbrains Youtrack 6.5.17122 Jetbrains Youtrack 7.0.26198 Jetbrains Youtrack 7.0.26630 Jetbrains Youtrack 7.0.26754 Jetbrains Youtrack 7.0.26927 Jetbrains Youtrack 7.0.27676 Jetbrains Youtrack 7.0.27705 Jetbrains Youtrack 7.0.27777 Jetbrains Youtrack 7.0.27965 Jetbrains Youtrack 7.0.28110 Jetbrains Youtrack 7.0.28450 Jetbrains Youtrack 7.0.28958 Jetbrains Youtrack 7.0.29566 Jetbrains Youtrack 2017.1.30791 Jetbrains Youtrack 2017.1.30867 Jetbrains Youtrack 2017.1.30973 Jetbrains Youtrack 2017.1.31650 Jetbrains Youtrack 2017.2.32529 Jetbrains Youtrack 2017.2.32582 Jetbrains Youtrack 2017.2.32799 Jetbrains Youtrack 2017.2.32853 Jetbrains Youtrack 2017.2.33063 Jetbrains Youtrack 2017.2.33154 Jetbrains Youtrack 2017.2.33372 Jetbrains Youtrack 2017.2.33390 Jetbrains Youtrack 2017.2.33766 Jetbrains Youtrack 2017.2.34279 Jetbrains Youtrack 2017.2.34480 Jetbrains Youtrack 2017.2.35124 Jetbrains Youtrack 2017.3.35488 Jetbrains Youtrack 2017.3.35968 Jetbrains Youtrack 2017.3.36019 Jetbrains Youtrack 2017.3.36369 Jetbrains Youtrack 2017.3.36626 Jetbrains Youtrack 2017.3.36743 Jetbrains Youtrack 2017.3.37116 Jetbrains Youtrack 2017.3.37517 Jetbrains Youtrack 2017.4.37623 Jetbrains Youtrack 2017.4.37933 Jetbrains Youtrack 2017.4.38030 Jetbrains Youtrack 2017.4.38399 Jetbrains Youtrack 2017.4.39083 Jetbrains Youtrack 2017.4.39238 Jetbrains Youtrack 2017.4.39406 Jetbrains Youtrack 2017.4.39533 Jetbrains Youtrack 2018.1.39916 Jetbrains Youtrack 2018.1.40025 Jetbrains Youtrack 2018.1.40066 Jetbrains Youtrack 2018.1.40341 Jetbrains Youtrack 2018.1.40840 Jetbrains Youtrack 2018.1.41051 Jetbrains Youtrack 2018.1.41561 Jetbrains Youtrack 2018.1.41826 Jetbrains Youtrack 2018.2.42133 Jetbrains Youtrack 2018.2.42223 Jetbrains Youtrack 2018.2.42284 Jetbrains Youtrack 2018.2.42337 Jetbrains Youtrack 2018.2.42881 Jetbrains Youtrack 2018.2.43142 Jetbrains Youtrack 2018.2.44329 Jetbrains Youtrack 2018.2.45073 Jetbrains Youtrack 2018.2.45146 Jetbrains Youtrack 2018.2.45513 Jetbrains Youtrack 2018.3.46358 Jetbrains Youtrack 2018.3.46581 Jetbrains Youtrack 2018.3.46727 Jetbrains Youtrack 2018.3.47010 Jetbrains Youtrack 2018.3.47078 Jetbrains Youtrack 2018.3.47109 Jetbrains Youtrack 2018.3.47247 Jetbrains Youtrack 2018.3.47965 Jetbrains Youtrack 2018.3.48045 Jetbrains Youtrack 2018.4.48293 Jetbrains Youtrack 2018.4.48406 Jetbrains Youtrack 2018.4.48733 Jetbrains Youtrack 2018.4.49168 Jetbrains Youtrack 2018.4.49352 Jetbrains Youtrack 2018.4.49852 Jetbrains Youtrack 2019.1.50680 Jetbrains Youtrack 2019.1.50730 Jetbrains Youtrack 2019.1.50916 Jetbrains Youtrack 2019.1.51078 Jetbrains Youtrack 2019.1.51277 Jetbrains Youtrack 2019.1.51759 Jetbrains Youtrack 2019.1.51932 Jetbrains Youtrack 2019.1.52545 Jetbrains Youtrack 2019.1.52584 Jetbrains Youtrack 2019.1.52973 Jetbrains Youtrack 2019.1.65514 Jetbrains Youtrack 2019.2.0	100

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/