JetBrains

YouTrack

97 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-57731

  • EPSS 0.01%
  • Published 20.08.2025 09:13:59
  • Last modified 21.08.2025 15:17:15

In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content

6.1

CVE-2025-54527

  • EPSS 0%
  • Published 28.07.2025 16:20:38
  • Last modified 29.07.2025 14:14:29

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions

7.6

CVE-2025-53959

  • EPSS 0%
  • Published 15.07.2025 16:26:57
  • Last modified 15.07.2025 20:07:28

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

5.3

CVE-2025-47850

  • EPSS 0%
  • Published 20.05.2025 17:37:43
  • Last modified 30.09.2025 18:55:14

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

7.5

CVE-2025-48391

  • EPSS 0%
  • Published 20.05.2025 17:37:42
  • Last modified 30.09.2025 18:51:44

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

7.8

CVE-2025-24458

  • EPSS 0%
  • Published 21.01.2025 18:15:18
  • Last modified 30.01.2025 21:35:05

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

5.5

CVE-2025-24457

  • EPSS 0%
  • Published 21.01.2025 18:15:18
  • Last modified 30.01.2025 21:31:24

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

9.8

CVE-2024-54154

  • EPSS 0.33%
  • Published 04.12.2024 12:15:20
  • Last modified 31.01.2025 14:51:35

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

5.3

CVE-2024-54155

  • EPSS 0%
  • Published 04.12.2024 12:15:20
  • Last modified 31.01.2025 14:53:39

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

6.5

CVE-2024-54156

  • EPSS 0.01%
  • Published 04.12.2024 12:15:20
  • Last modified 30.01.2025 21:46:25

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack