Vulnerabilities > Jetbrains > Youtrack > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3
2024-09-19 CVE-2024-47162 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
network
low complexity
jetbrains CWE-522
5.3
2024-06-18 CVE-2024-38504 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
network
low complexity
jetbrains CWE-862
5.3
2024-03-07 CVE-2024-28228 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
network
low complexity
jetbrains CWE-290
5.3
2024-03-07 CVE-2024-28229 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
network
low complexity
jetbrains CWE-863
6.5
2024-03-07 CVE-2024-28230 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
network
low complexity
jetbrains CWE-862
6.5
2024-01-09 CVE-2024-22370 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
network
low complexity
jetbrains CWE-79
5.4
2023-12-15 CVE-2023-50871 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
network
low complexity
jetbrains
4.3
2023-06-12 CVE-2023-35054 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
network
low complexity
jetbrains CWE-79
5.4