CVE-2021-25767
- EPSS 0.01%
- Published 03.02.2021 16:15:15
- Last modified 21.11.2024 05:55:24
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
CVE-2021-25768
- EPSS 0%
- Published 03.02.2021 16:15:15
- Last modified 21.11.2024 05:55:24
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
CVE-2021-25769
- EPSS 0.01%
- Published 03.02.2021 16:15:15
- Last modified 21.11.2024 05:55:24
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVE-2021-25770
- EPSS 0.02%
- Published 03.02.2021 16:15:15
- Last modified 21.11.2024 05:55:24
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2021-25766
- EPSS 0%
- Published 03.02.2021 16:15:14
- Last modified 21.11.2024 05:55:24
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
CVE-2021-25765
- EPSS 0%
- Published 03.02.2021 16:15:14
- Last modified 21.11.2024 05:55:23
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2020-25208
- EPSS 0%
- Published 03.02.2021 16:15:13
- Last modified 21.11.2024 05:17:39
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVE-2020-27626
- EPSS 0%
- Published 16.11.2020 15:15:13
- Last modified 21.11.2024 05:21:31
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
CVE-2020-27625
- EPSS 0%
- Published 16.11.2020 15:15:13
- Last modified 21.11.2024 05:21:31
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
CVE-2020-27624
- EPSS 0%
- Published 16.11.2020 15:15:13
- Last modified 21.11.2024 05:21:31
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.