Vulnerabilities > Jetbrains > Youtrack > 2018.4.49352

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-14956 Improper Preservation of Permissions vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
network
low complexity
jetbrains CWE-281
4.3
4.3
2019-10-01 CVE-2019-15041 Open Redirect vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
network
low complexity
jetbrains CWE-601
6.1
6.1
2019-10-01 CVE-2019-14953 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
network
low complexity
jetbrains CWE-79
6.1
6.1
2019-10-01 CVE-2019-14952 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
network
low complexity
jetbrains CWE-79
6.1
6.1
2019-07-03 CVE-2019-12851 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack.
network
low complexity
jetbrains CWE-352
8.8
8.8