Vulnerabilities > Jetbrains > Youtrack > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50574 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
network
low complexity
jetbrains
7.5
2024-06-18 CVE-2024-38505 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
network
low complexity
jetbrains CWE-522
7.5
2024-06-18 CVE-2024-38506 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
network
low complexity
jetbrains CWE-862
8.1
2023-07-12 CVE-2023-38068 Improper Control of Interaction Frequency vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
network
low complexity
jetbrains CWE-799
7.3
2023-06-12 CVE-2023-35053 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
network
low complexity
jetbrains
7.5
2021-11-09 CVE-2021-43185 Injection vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
network
low complexity
jetbrains CWE-74
7.5
2021-02-03 CVE-2021-25770 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
network
low complexity
jetbrains CWE-94
7.5
2020-10-19 CVE-2020-15822 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
network
low complexity
jetbrains CWE-918
7.5
2019-07-03 CVE-2019-12852 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
An SSRF attack was possible on a JetBrains YouTrack server.
network
low complexity
jetbrains CWE-918
7.5
2019-07-03 CVE-2019-12867 Unspecified vulnerability in Jetbrains Youtrack
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack.
network
low complexity
jetbrains
7.5