Vulnerabilities > Jetbrains > Youtrack
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-10 | CVE-2024-48902 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | 5.4 |
2024-09-19 | CVE-2024-47159 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 |
2024-09-19 | CVE-2024-47160 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 |
2024-09-19 | CVE-2024-47162 | Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | 5.3 |
2024-06-18 | CVE-2024-38504 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 5.3 |
2024-06-18 | CVE-2024-38505 | Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | 7.5 |
2024-06-18 | CVE-2024-38506 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | 8.1 |
2024-03-07 | CVE-2024-28228 | Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 5.3 |
2024-03-07 | CVE-2024-28229 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | 6.5 |
2024-03-07 | CVE-2024-28230 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | 6.5 |