Vulnerabilities > Jetbrains > Youtrack > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-03-07 CVE-2024-28228 Authentication Bypass by Spoofing vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2024.1.25893 creation of comments on behalf of an arbitrary user in HelpDesk was possible
network
low complexity
jetbrains CWE-290
5.3
2024-03-07 CVE-2024-28229 Incorrect Authorization vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2024.1.25893 a user without appropriate permissions could restore issues and articles
network
low complexity
jetbrains CWE-863
6.5
2024-03-07 CVE-2024-28230 Missing Authorization vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2024.1.25893 attaching/detaching a workflow to a project was possible without project admin permissions
network
low complexity
jetbrains CWE-862
6.5
2024-01-09 CVE-2024-22370 Cross-site Scripting vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
network
low complexity
jetbrains CWE-79
5.4
2023-12-15 CVE-2023-50871 Unspecified vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
network
low complexity
jetbrains
4.3
2023-06-12 CVE-2023-35054 Cross-site Scripting vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
network
low complexity
jetbrains CWE-79
5.4
2022-04-05 CVE-2022-28648 Cross-site Scripting vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
network
low complexity
jetbrains CWE-79
5.4
2022-04-05 CVE-2022-28649 Improper Restriction of Rendered UI Layers or Frames vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
network
low complexity
jetbrains CWE-1021
5.4
2022-04-05 CVE-2022-28650 Cross-site Scripting vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
network
low complexity
jetbrains CWE-79
5.4
2022-02-25 CVE-2022-24343 Incorrect Default Permissions vulnerability in JetBrains YouTrack
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
network
low complexity
jetbrains CWE-276
4.3