JetBrains YouTrack 2017.2.33063

CPE Details

2019-10-09
09h56 +00:00

CPE Name: cpe:2.3:a:jetbrains:youtrack:2017.2.33063:*:*:*:*:*:*:*

Information

Vendor: jetbrains
Product: youtrack
Version: 2017.2.33063

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2025-24458 | 2025-01-21 17h23 +00:00 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | 7.8 | High |
| CVE-2025-24457 | 2025-01-21 17h23 +00:00 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | 5.5 | Medium |
| CVE-2024-54158 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 5.3 | Medium |
| CVE-2024-54157 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 6.5 | Medium |
| CVE-2024-54156 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 6.5 | Medium |
| CVE-2024-54155 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 5.3 | Medium |
| CVE-2024-54154 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 9.8 | Critical |
| CVE-2024-54153 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 6.5 | Medium |
| CVE-2024-50582 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | 5.4 | Medium |
| CVE-2024-50581 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | 5.4 | Medium |
| CVE-2024-50580 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | 5.4 | Medium |
| CVE-2024-50579 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | 6.1 | Medium |
| CVE-2024-50578 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | 5.4 | Medium |
| CVE-2024-50577 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | 5.4 | Medium |
| CVE-2024-50576 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | 5.4 | Medium |
| CVE-2024-50575 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | 6.1 | Medium |
| CVE-2024-50574 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | 7.5 | High |
| CVE-2024-49579 | 2024-10-17 13h00 +00:00 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | 8.1 | High |
| CVE-2024-48902 | 2024-10-10 10h34 +00:00 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | 5.4 | Medium |
| CVE-2024-47162 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | 5.3 | Medium |
| CVE-2024-47160 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 | Medium |
| CVE-2024-47159 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 | Medium |
| CVE-2024-38506 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | 8.1 | High |
| CVE-2024-38505 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | 7.5 | High |
| CVE-2024-38504 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 5.3 | Medium |
| CVE-2024-35299 | 2024-05-16 10h31 +00:00 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | 7.5 | High |
| CVE-2024-28230 | 2024-03-07 11h40 +00:00 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | 6.5 | Medium |
| CVE-2024-28229 | 2024-03-07 11h39 +00:00 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | 6.5 | Medium |
| CVE-2024-28228 | 2024-03-07 11h39 +00:00 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 5.3 | Medium |
| CVE-2024-22370 | 2024-01-09 09h48 +00:00 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | 5.4 | Medium |
| CVE-2023-50871 | 2023-12-15 13h48 +00:00 | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | 4.3 | Medium |
| CVE-2023-38068 | 2023-07-12 12h48 +00:00 | In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms | 7.3 | High |
| CVE-2023-35054 | 2023-06-12 15h46 +00:00 | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible | 5.4 | Medium |
| CVE-2023-35053 | 2023-06-12 15h46 +00:00 | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | 7.5 | High |
| CVE-2022-28650 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | 7.3 | High |
| CVE-2022-28649 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | 5.4 | Medium |
| CVE-2022-28648 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered | 5.7 | Medium |
| CVE-2022-24442 | 2022-02-25 19h01 +00:00 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 | Critical |
| CVE-2022-24347 | 2022-02-25 13h36 +00:00 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 5.4 | Medium |
| CVE-2022-24344 | 2022-02-25 13h35 +00:00 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 5.4 | Medium |
| CVE-2022-24343 | 2022-02-25 13h35 +00:00 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 4.3 | Medium |
| CVE-2021-43184 | 2021-11-09 13h33 +00:00 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. | 5.4 | Medium |
| CVE-2021-43185 | 2021-11-09 13h32 +00:00 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | 9.8 | Critical |
| CVE-2021-43186 | 2021-11-09 13h25 +00:00 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. | 5.4 | Medium |
| CVE-2021-37554 | 2021-08-06 11h32 +00:00 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | 4.3 | Medium |
| CVE-2021-37553 | 2021-08-06 11h31 +00:00 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. | 7.5 | High |
| CVE-2021-37551 | 2021-08-06 11h31 +00:00 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | 5.3 | Medium |
| CVE-2021-37552 | 2021-08-06 11h30 +00:00 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | 5.4 | Medium |
| CVE-2021-37550 | 2021-08-06 11h29 +00:00 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. | 7.5 | High |
| CVE-2021-37549 | 2021-08-06 11h26 +00:00 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. | 9.1 | Critical |
| CVE-2021-31905 | 2021-05-11 09h40 +00:00 | In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. | 7.5 | High |
| CVE-2021-31902 | 2021-05-11 09h38 +00:00 | In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. | 7.5 | High |
| CVE-2021-31903 | 2021-05-11 09h37 +00:00 | In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. | 6.1 | Medium |
| CVE-2021-27733 | 2021-05-11 09h35 +00:00 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. | 5.4 | Medium |
| CVE-2021-25771 | 2021-02-03 14h32 +00:00 | In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. | 4.3 | Medium |
| CVE-2021-25770 | 2021-02-03 14h31 +00:00 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | 9.8 | Critical |
| CVE-2021-25769 | 2021-02-03 14h30 +00:00 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. | 7.5 | High |
| CVE-2021-25768 | 2021-02-03 14h29 +00:00 | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. | 5.3 | Medium |
| CVE-2021-25767 | 2021-02-03 14h29 +00:00 | In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. | 5.3 | Medium |
| CVE-2021-25766 | 2021-02-03 14h28 +00:00 | In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. | 5.3 | Medium |
| CVE-2020-25208 | 2021-02-03 14h27 +00:00 | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | 5.3 | Medium |
| CVE-2021-25765 | 2021-02-03 14h26 +00:00 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | 8.8 | High |
| CVE-2020-27624 | 2020-11-16 13h59 +00:00 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | 5.3 | Medium |
| CVE-2020-27625 | 2020-11-16 13h59 +00:00 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | 5.3 | Medium |
| CVE-2020-27626 | 2020-11-16 13h58 +00:00 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | 5.3 | Medium |
| CVE-2020-25209 | 2020-11-16 13h56 +00:00 | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | 7.5 | High |
| CVE-2020-25210 | 2020-11-16 13h45 +00:00 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | 5.3 | Medium |
| CVE-2020-15822 | 2020-10-19 16h45 +00:00 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 7.3 | High |
| CVE-2020-24618 | 2020-08-27 17h48 +00:00 | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. | 6.5 | Medium |
| CVE-2020-15823 | 2020-08-08 18h17 +00:00 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | 7.5 | High |
| CVE-2020-15821 | 2020-08-08 18h15 +00:00 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | 6.5 | Medium |
| CVE-2020-15820 | 2020-08-08 18h08 +00:00 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | 5.3 | Medium |
| CVE-2020-15819 | 2020-08-08 18h07 +00:00 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | 5.3 | Medium |
| CVE-2020-15817 | 2020-08-08 18h05 +00:00 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | 8.8 | High |
| CVE-2020-15818 | 2020-08-08 18h03 +00:00 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | 5.3 | Medium |
| CVE-2020-11693 | 2020-04-22 11h52 +00:00 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | 7.5 | High |
| CVE-2020-11692 | 2020-04-22 11h52 +00:00 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | 2.7 | Low |
| CVE-2019-18369 | 2019-10-31 14h25 +00:00 | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | 5.3 | Medium |
| CVE-2019-14956 | 2019-10-02 16h41 +00:00 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | 4.3 | Medium |
| CVE-2019-15040 | 2019-10-02 16h32 +00:00 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | 8.8 | High |
| CVE-2019-16171 | 2019-10-02 16h24 +00:00 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | 6.1 | Medium |
| CVE-2019-15041 | 2019-10-01 17h35 +00:00 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | 6.1 | Medium |
| CVE-2019-14953 | 2019-10-01 13h48 +00:00 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | 6.1 | Medium |
| CVE-2019-14952 | 2019-10-01 11h24 +00:00 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | 6.1 | Medium |
| CVE-2019-12852 | 2019-07-03 17h48 +00:00 | An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | 9.8 | Critical |
| CVE-2019-12866 | 2019-07-03 16h28 +00:00 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | 9.8 | Critical |
| CVE-2019-12867 | 2019-07-03 16h24 +00:00 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | 9.8 | Critical |
| CVE-2019-12850 | 2019-07-03 16h21 +00:00 | A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | 9.8 | Critical |
| CVE-2019-12851 | 2019-07-03 16h18 +00:00 | A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | 8.8 | High |