In JetBrains YouTrack before 2024.1.25893, attaching/detaching a workflow to a project was possible without project admin permissions.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2024-03-07 | Updated: 2024-03-07
In JetBrains YouTrack before 2024.1.25893, a user without appropriate permissions could restore issues and articles.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2024-03-07 | Updated: 2024-03-07
In JetBrains YouTrack before 2024.1.25893, creating comments on behalf of an arbitrary user in HelpDesk was possible.
Max CVSS: 5.3 | EPSS Score: 0.04% | Published: 2024-03-07 | Updated: 2024-03-07
In JetBrains YouTrack before 2023.3.22666, stored XSS via markdown was possible.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2024-01-09 | Updated: 2024-01-12
In JetBrains YouTrack before 2023.3.22268, an authorization check for inline comments inside thread replies was missing.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2023-12-15 | Updated: 2023-12-19
In JetBrains YouTrack before 2023.1.16597, the captcha was not properly validated for Helpdesk forms.
Max CVSS: 7.3 | EPSS Score: 0.05% | Published: 2023-07-12 | Updated: 2023-07-20
In JetBrains YouTrack before 2023.1.10518, stored XSS in a Markdown-rendering engine was possible.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-06-12 | Updated: 2023-06-16
In JetBrains YouTrack before 2023.1.10518, a DoS attack was possible via Helpdesk forms.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2023-06-12 | Updated: 2023-06-16
In JetBrains YouTrack before 2022.1.43700, it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
Max CVSS: 7.3 | EPSS Score: 0.05% | Published: 2022-04-05 | Updated: 2022-04-18
In JetBrains YouTrack before 2022.1.43563, it was possible to include an iframe from a third-party domain in the issue description.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-04-05 | Updated: 2022-04-18
In JetBrains YouTrack before 2022.1.43563, HTML code from the issue description was being rendered.
Max CVSS: 5.7 | EPSS Score: 0.05% | Published: 2022-04-05 | Updated: 2022-04-18
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2022-02-25 | Updated: 2022-03-04
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-25 | Updated: 2022-03-04
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2022-02-25 | Updated: 2022-03-04
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-02-25 | Updated: 2022-03-04
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2021-11-09 | Updated: 2021-11-09
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2021-11-09 | Updated: 2021-11-12
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2021-11-09 | Updated: 2021-11-12
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2021-08-06 | Updated: 2022-06-28
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
Max CVSS: 7.5 | EPSS Score: 0.15% | Published: 2021-08-06 | Updated: 2021-08-13
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2021-08-06 | Updated: 2021-08-12
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Max CVSS: 5.3 | EPSS Score: 0.07% | Published: 2021-08-06 | Updated: 2022-07-12
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.
Max CVSS: 7.5 | EPSS Score: 0.07% | Published: 2021-08-06 | Updated: 2021-08-12
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
Max CVSS: 9.1 | EPSS Score: 0.15% | Published: 2021-08-06 | Updated: 2021-08-12
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2021-05-11 | Updated: 2022-06-28