CVE-2020-15817
- EPSS 0.01%
- Published 08.08.2020 21:15:10
- Last modified 21.11.2024 05:06:14
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
- EPSS 0%
- Published 22.04.2020 14:15:12
- Last modified 21.11.2024 04:58:24
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVE-2020-11693
- EPSS 0.01%
- Published 22.04.2020 14:15:12
- Last modified 21.11.2024 04:58:25
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
CVE-2020-7913
- EPSS 0.01%
- Published 30.01.2020 18:15:12
- Last modified 21.11.2024 05:37:59
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
CVE-2020-7912
- EPSS 0%
- Published 30.01.2020 18:15:12
- Last modified 21.11.2024 05:37:59
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
CVE-2019-18369
- EPSS 0%
- Published 31.10.2019 16:15:11
- Last modified 21.11.2024 04:33:08
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVE-2019-16171
- EPSS 0.01%
- Published 02.10.2019 19:15:15
- Last modified 21.11.2024 04:30:11
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
CVE-2019-15040
- EPSS 0%
- Published 02.10.2019 19:15:15
- Last modified 21.11.2024 04:27:55
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVE-2019-14956
- EPSS 0%
- Published 02.10.2019 19:15:14
- Last modified 21.11.2024 04:27:46
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVE-2019-15041
- EPSS 0%
- Published 01.10.2019 20:15:11
- Last modified 21.11.2024 04:27:56
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.