Vulnerabilities > Jetbrains > Youtrack

DATE CVE VULNERABILITY TITLE RISK
2021-08-06 CVE-2021-37554 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
network
low complexity
jetbrains
4.3
2021-05-11 CVE-2021-27733 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
network
low complexity
jetbrains CWE-79
5.4
2021-05-11 CVE-2021-31902 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
network
low complexity
jetbrains CWE-732
7.5
2021-05-11 CVE-2021-31903 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
network
low complexity
jetbrains CWE-79
6.1
2021-05-11 CVE-2021-31905 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
network
low complexity
jetbrains
7.5
2021-02-03 CVE-2021-25771 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
network
low complexity
jetbrains
4.3
2021-02-03 CVE-2021-25770 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
network
low complexity
jetbrains CWE-94
critical
9.8
2021-02-03 CVE-2021-25769 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
network
low complexity
jetbrains
7.5
2021-02-03 CVE-2021-25768 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
network
low complexity
jetbrains
5.3
2021-02-03 CVE-2021-25767 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
network
low complexity
jetbrains
5.3