Vulnerabilities > Jetbrains > Youtrack

DATE CVE VULNERABILITY TITLE RISK
2020-08-27 CVE-2020-24618 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
network
low complexity
jetbrains
4.0
4.0
2020-08-08 CVE-2020-15823 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
network
low complexity
jetbrains CWE-918
5.0
5.0
2020-08-08 CVE-2020-15821 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
network
low complexity
jetbrains CWE-276
4.0
4.0
2020-08-08 CVE-2020-15820 Information Exposure vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
network
low complexity
jetbrains CWE-200
5.0
5.0
2020-08-08 CVE-2020-15819 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
network
low complexity
jetbrains CWE-918
5.0
5.0
2020-08-08 CVE-2020-15818 Information Exposure vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
network
low complexity
jetbrains CWE-200
5.0
5.0
2020-08-08 CVE-2020-15817 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
network
low complexity
jetbrains CWE-94
6.5
6.5
2020-04-22 CVE-2020-11693 Improper Input Validation vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
network
low complexity
jetbrains CWE-20
5.0
5.0
2020-04-22 CVE-2020-11692 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
network
low complexity
jetbrains CWE-276
4.0
4.0
2020-01-30 CVE-2020-7913 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
network
jetbrains CWE-79
4.3
4.3