Vulnerabilities > CVE-2020-15822 - Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jetbrains

CWE-918

NVD

Published: 2020-10-19

Updated: 2020-10-22

Summary

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Youtrack 2.2.1 Jetbrains Youtrack 3.3 Jetbrains Youtrack 4.2.4 Jetbrains Youtrack 5.2.5 Jetbrains Youtrack 6.0.12124 Jetbrains Youtrack 6.0.12634 Jetbrains Youtrack 6.5.17031 Jetbrains Youtrack 6.5.17057 Jetbrains Youtrack 6.5.17105 Jetbrains Youtrack 6.5.17122 Jetbrains Youtrack 7.0.26198 Jetbrains Youtrack 7.0.26630 Jetbrains Youtrack 7.0.26754 Jetbrains Youtrack 7.0.26927 Jetbrains Youtrack 7.0.27676 Jetbrains Youtrack 7.0.27705 Jetbrains Youtrack 7.0.27777 Jetbrains Youtrack 7.0.27965 Jetbrains Youtrack 7.0.28110 Jetbrains Youtrack 7.0.28450 Jetbrains Youtrack 7.0.28958 Jetbrains Youtrack 7.0.29566 Jetbrains Youtrack 2017.1.30791 Jetbrains Youtrack 2017.1.30867 Jetbrains Youtrack 2017.1.30973 Jetbrains Youtrack 2017.1.31650 Jetbrains Youtrack 2017.2.32529 Jetbrains Youtrack 2017.2.32582 Jetbrains Youtrack 2017.2.32799 Jetbrains Youtrack 2017.2.32853 Jetbrains Youtrack 2017.2.33063 Jetbrains Youtrack 2017.2.33154 Jetbrains Youtrack 2017.2.33372 Jetbrains Youtrack 2017.2.33390 Jetbrains Youtrack 2017.2.33766 Jetbrains Youtrack 2017.2.34279 Jetbrains Youtrack 2017.2.34480 Jetbrains Youtrack 2017.2.35124 Jetbrains Youtrack 2017.3.35488 Jetbrains Youtrack 2017.3.35968 Jetbrains Youtrack 2017.3.36019 Jetbrains Youtrack 2017.3.36369 Jetbrains Youtrack 2017.3.36626 Jetbrains Youtrack 2017.3.36743 Jetbrains Youtrack 2017.3.37116 Jetbrains Youtrack 2017.3.37517 Jetbrains Youtrack 2017.4.37623 Jetbrains Youtrack 2017.4.37933 Jetbrains Youtrack 2017.4.38030 Jetbrains Youtrack 2017.4.38399 Jetbrains Youtrack 2017.4.39083 Jetbrains Youtrack 2017.4.39238 Jetbrains Youtrack 2017.4.39406 Jetbrains Youtrack 2017.4.39533 Jetbrains Youtrack 2018.1.39916 Jetbrains Youtrack 2018.1.40025 Jetbrains Youtrack 2018.1.40066 Jetbrains Youtrack 2018.1.40341 Jetbrains Youtrack 2018.1.40840 Jetbrains Youtrack 2018.1.41051 Jetbrains Youtrack 2018.1.41561 Jetbrains Youtrack 2018.1.41826 Jetbrains Youtrack 2018.2.42133 Jetbrains Youtrack 2018.2.42223 Jetbrains Youtrack 2018.2.42284 Jetbrains Youtrack 2018.2.42337 Jetbrains Youtrack 2018.2.42881 Jetbrains Youtrack 2018.2.43142 Jetbrains Youtrack 2018.2.44329 Jetbrains Youtrack 2018.2.45073 Jetbrains Youtrack 2018.2.45146 Jetbrains Youtrack 2018.2.45513 Jetbrains Youtrack 2018.3.46358 Jetbrains Youtrack 2018.3.46581 Jetbrains Youtrack 2018.3.46727 Jetbrains Youtrack 2018.3.47010 Jetbrains Youtrack 2018.3.47078 Jetbrains Youtrack 2018.3.47109 Jetbrains Youtrack 2018.3.47247 Jetbrains Youtrack 2018.3.47965 Jetbrains Youtrack 2018.3.48045 Jetbrains Youtrack 2018.4.48293 Jetbrains Youtrack 2018.4.48406 Jetbrains Youtrack 2018.4.48733 Jetbrains Youtrack 2018.4.49168 Jetbrains Youtrack 2018.4.49352 Jetbrains Youtrack 2018.4.49852 Jetbrains Youtrack 2019.1.50680 Jetbrains Youtrack 2019.1.50730 Jetbrains Youtrack 2019.1.50916 Jetbrains Youtrack 2019.1.51078 Jetbrains Youtrack 2019.1.51277 Jetbrains Youtrack 2019.1.51759 Jetbrains Youtrack 2019.1.51932 Jetbrains Youtrack 2019.1.52545 Jetbrains Youtrack 2019.1.52584 Jetbrains Youtrack 2019.1.52973 Jetbrains Youtrack 2019.2.0 Jetbrains Youtrack 2019.2.53938 Jetbrains Youtrack 2019.2.54033 Jetbrains Youtrack 2019.2.54193 Jetbrains Youtrack 2019.2.55152 Jetbrains Youtrack 2019.2.55688 Jetbrains Youtrack 2019.2.56187 Jetbrains Youtrack 2019.2.56535 Jetbrains Youtrack 2019.2.56594 Jetbrains Youtrack 2019.2.57829 Jetbrains Youtrack 2019.2.57909 Jetbrains Youtrack 2019.2.59309 Jetbrains Youtrack 2019.3 Jetbrains Youtrack 2019.3.65512 Jetbrains Youtrack 2020.1 Jetbrains Youtrack 2020.1.659 Jetbrains Youtrack 2020.1.1331 Jetbrains Youtrack 2020.1.3412 Jetbrains Youtrack 2020.1.3588 Jetbrains Youtrack 2020.2.6881 Jetbrains Youtrack 2020.2.8527 Jetbrains Youtrack 2020.2.8873	119

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References