Vulnerabilities > Jetbrains > Youtrack > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-08 CVE-2020-15821 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
network
low complexity
jetbrains CWE-276
6.5
6.5
2020-08-08 CVE-2020-15820 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
network
low complexity
jetbrains
5.3
5.3
2020-08-08 CVE-2020-15819 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
network
low complexity
jetbrains CWE-918
5.3
5.3
2020-08-08 CVE-2020-15818 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
network
low complexity
jetbrains
5.3
5.3
2020-01-30 CVE-2020-7913 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
network
low complexity
jetbrains CWE-79
6.1
6.1
2020-01-30 CVE-2020-7912 Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
network
low complexity
jetbrains CWE-668
5.3
5.3
2019-10-31 CVE-2019-18369 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
network
low complexity
jetbrains CWE-276
5.3
5.3
2019-10-02 CVE-2019-16171 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
network
low complexity
jetbrains CWE-79
6.1
6.1
2019-10-02 CVE-2019-14956 Improper Preservation of Permissions vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
network
low complexity
jetbrains CWE-281
4.3
4.3
2019-10-01 CVE-2019-15041 Open Redirect vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
network
low complexity
jetbrains CWE-601
6.1
6.1