Vulnerabilities > Jetbrains > Youtrack > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2021-25765 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
network
low complexity
jetbrains CWE-352
8.8
2020-11-16 CVE-2020-25209 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
network
low complexity
jetbrains
7.5
2020-10-19 CVE-2020-15822 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
network
low complexity
jetbrains CWE-918
7.3
2020-08-08 CVE-2020-15823 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
network
low complexity
jetbrains CWE-918
7.5
2020-08-08 CVE-2020-15817 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
network
low complexity
jetbrains
8.8
2020-04-22 CVE-2020-11693 Unspecified vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
network
low complexity
jetbrains
7.5
2019-10-02 CVE-2019-15040 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
network
low complexity
jetbrains CWE-352
8.8
2019-07-03 CVE-2019-12851 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack.
network
low complexity
jetbrains CWE-352
8.8