JetBrains YouTrack 2024.3.47707

CPE Details

JetBrains YouTrack 2024.3.47707
jetbrains
youtrack
2024.3.47707
2024-12-16
18h36 +00:00
2024-12-16
18h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jetbrains:youtrack:2024.3.47707:*:*:*:*:*:*:*

Informations

Vendor

jetbrains

Product

youtrack

Version

2024.3.47707

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-24458 2025-01-21 17h23 +00:00 In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
7.8
High
CVE-2025-24457 2025-01-21 17h23 +00:00 In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
5.5
Medium
CVE-2024-54158 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
5.3
Medium
CVE-2024-54157 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
6.5
Medium
CVE-2024-54156 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
6.5
Medium
CVE-2024-54155 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
5.3
Medium
CVE-2024-54154 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
9.8
Critical
CVE-2024-54153 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.