Vulnerabilities > Jetbrains > Youtrack

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-48902 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
network
low complexity
jetbrains CWE-862
5.4
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3
2024-09-19 CVE-2024-47162 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
network
low complexity
jetbrains CWE-522
5.3
2024-06-18 CVE-2024-38504 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
network
low complexity
jetbrains CWE-862
5.3
2024-06-18 CVE-2024-38505 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
network
low complexity
jetbrains CWE-522
7.5
2024-06-18 CVE-2024-38506 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
network
low complexity
jetbrains CWE-862
8.1
2024-03-07 CVE-2024-28228 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
network
low complexity
jetbrains CWE-290
5.3
2024-03-07 CVE-2024-28229 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
network
low complexity
jetbrains CWE-863
6.5
2024-03-07 CVE-2024-28230 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
network
low complexity
jetbrains CWE-862
6.5