Vulnerabilities > Jetbrains > Youtrack > High

DATE CVE VULNERABILITY TITLE RISK
2025-01-21 CVE-2025-24458 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
local
low complexity
jetbrains CWE-290
7.8
7.8
2024-10-28 CVE-2024-50574 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
network
low complexity
jetbrains
7.5
7.5
2024-06-18 CVE-2024-38505 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
network
low complexity
jetbrains CWE-522
7.5
7.5
2024-06-18 CVE-2024-38506 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
network
low complexity
jetbrains CWE-862
8.1
8.1
2024-05-16 CVE-2024-35299 Improper Certificate Validation vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
network
low complexity
jetbrains CWE-295
7.5
7.5
2023-07-12 CVE-2023-38068 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
network
low complexity
jetbrains
7.3
7.3
2023-06-12 CVE-2023-35053 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
network
low complexity
jetbrains
7.5
7.5
2021-08-06 CVE-2021-37550 Incorrect Comparison vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
network
low complexity
jetbrains CWE-697
7.5
7.5
2021-08-06 CVE-2021-37553 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
network
low complexity
jetbrains CWE-338
7.5
7.5
2021-05-11 CVE-2021-31902 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
network
low complexity
jetbrains CWE-732
7.5
7.5