Vulnerabilities > Jetbrains > Youtrack > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-01-21 | CVE-2025-24457 | Information Exposure Through Log Files vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | local, low complexity, jetbrains CWE-532, 5.5 |
| 2024-12-04 | CVE-2024-54153 | Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | network, low complexity, jetbrains CWE-306, 6.5 |
| 2024-12-04 | CVE-2024-54155 | Missing Authentication for Critical Function vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | network, low complexity, jetbrains CWE-306, 5.3 |
| 2024-12-04 | CVE-2024-54156 | Unspecified vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | network, low complexity, jetbrains, 6.5 |
| 2024-12-04 | CVE-2024-54157 | Unspecified vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | network, low complexity, jetbrains, 6.5 |
| 2024-12-04 | CVE-2024-54158 | Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | network, low complexity, jetbrains CWE-290, 5.3 |
| 2024-10-28 | CVE-2024-50575 | Cross-site Scripting vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | network, low complexity, jetbrains CWE-79, 6.1 |
| 2024-10-28 | CVE-2024-50576 | Cross-site Scripting vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | network, low complexity, jetbrains CWE-79, 5.4 |
| 2024-10-28 | CVE-2024-50577 | Cross-site Scripting vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | network, low complexity, jetbrains CWE-79, 5.4 |
| 2024-10-28 | CVE-2024-50578 | Cross-site Scripting vulnerability in Jetbrains Youtrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | network, low complexity, jetbrains CWE-79, 5.4 |