Vulnerabilities > Jetbrains > Youtrack > 2018.3.47078
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-15040 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | 6.8 |
| 2019-10-02 | CVE-2019-14956 | Improper Preservation of Permissions vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | 4.0 |
| 2019-10-01 | CVE-2019-15041 | Open Redirect vulnerability in Jetbrains Youtrack JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | 5.8 |
| 2019-10-01 | CVE-2019-14953 | Cross-site Scripting vulnerability in Jetbrains Youtrack JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | 4.3 |
| 2019-10-01 | CVE-2019-14952 | Cross-site Scripting vulnerability in Jetbrains Youtrack JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | 4.3 |
| 2019-07-03 | CVE-2019-12852 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack An SSRF attack was possible on a JetBrains YouTrack server. | 7.5 |
| 2019-07-03 | CVE-2019-12867 | Unspecified vulnerability in Jetbrains Youtrack Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. | 7.5 |
| 2019-07-03 | CVE-2019-12866 | Authorization Bypass Through User-Controlled Key vulnerability in Jetbrains Youtrack An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. | 7.5 |
| 2019-07-03 | CVE-2019-12851 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. | 6.8 |
| 2019-07-03 | CVE-2019-12850 | SQL Injection vulnerability in Jetbrains Youtrack A query injection was possible in JetBrains YouTrack. | 7.5 |