Vulnerability Details : CVE-2020-24618
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
Products affected by CVE-2020-24618
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-24618
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-24618
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-24618
-
https://youtrack.jetbrains.com/issue/JT-59265
Issue description data disclosure via REST API : JT-59265Vendor Advisory
-
https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/
JetBrains Security Bulletin Q3 2020 | JetBrains BlogVendor Advisory
-
https://blog.jetbrains.com
JetBrains BlogVendor Advisory
Jump to