JetBrains YouTrack 2021.1.11111

CPE Details

2024-12-16 18h36 +00:00

CPE Name: cpe:2.3:a:jetbrains:youtrack:2021.1.11111:*:*:*:*:*:*:*

Information

Vendor: jetbrains
Product: youtrack
Version: 2021.1.11111

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2025-24458 | 2025-01-21 17h23 +00:00 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | 7.8 | High |
| CVE-2025-24457 | 2025-01-21 17h23 +00:00 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | 5.5 | Medium |
| CVE-2024-54158 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 5.3 | Medium |
| CVE-2024-54157 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 6.5 | Medium |
| CVE-2024-54156 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 6.5 | Medium |
| CVE-2024-54155 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 5.3 | Medium |
| CVE-2024-54154 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 9.8 | Critical |
| CVE-2024-54153 | 2024-12-04 11h16 +00:00 | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 6.5 | Medium |
| CVE-2024-50582 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | 5.4 | Medium |
| CVE-2024-50581 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | 5.4 | Medium |
| CVE-2024-50580 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | 5.4 | Medium |
| CVE-2024-50579 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | 6.1 | Medium |
| CVE-2024-50578 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | 5.4 | Medium |
| CVE-2024-50577 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | 5.4 | Medium |
| CVE-2024-50576 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | 5.4 | Medium |
| CVE-2024-50575 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | 6.1 | Medium |
| CVE-2024-50574 | 2024-10-28 12h55 +00:00 | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | 7.5 | High |
| CVE-2024-49579 | 2024-10-17 13h00 +00:00 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | 8.1 | High |
| CVE-2024-48902 | 2024-10-10 10h34 +00:00 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | 5.4 | Medium |
| CVE-2024-47162 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | 5.3 | Medium |
| CVE-2024-47160 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 | Medium |
| CVE-2024-47159 | 2024-09-19 17h20 +00:00 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 | Medium |
| CVE-2024-38506 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows | 8.1 | High |
| CVE-2024-38505 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | 7.5 | High |
| CVE-2024-38504 | 2024-06-18 10h42 +00:00 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 5.3 | Medium |
| CVE-2024-35299 | 2024-05-16 10h31 +00:00 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | 7.5 | High |
| CVE-2024-28230 | 2024-03-07 11h40 +00:00 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | 6.5 | Medium |
| CVE-2024-28229 | 2024-03-07 11h39 +00:00 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | 6.5 | Medium |
| CVE-2024-28228 | 2024-03-07 11h39 +00:00 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 5.3 | Medium |
| CVE-2024-22370 | 2024-01-09 09h48 +00:00 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | 5.4 | Medium |
| CVE-2023-50871 | 2023-12-15 13h48 +00:00 | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | 4.3 | Medium |
| CVE-2023-38068 | 2023-07-12 12h48 +00:00 | In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms | 7.3 | High |
| CVE-2023-35054 | 2023-06-12 15h46 +00:00 | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible | 5.4 | Medium |
| CVE-2023-35053 | 2023-06-12 15h46 +00:00 | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | 7.5 | High |
| CVE-2022-28650 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | 7.3 | High |
| CVE-2022-28649 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | 5.4 | Medium |
| CVE-2022-28648 | 2022-04-05 15h55 +00:00 | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered | 5.7 | Medium |
| CVE-2022-24442 | 2022-02-25 19h01 +00:00 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 | Critical |
| CVE-2022-24347 | 2022-02-25 13h36 +00:00 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 5.4 | Medium |
| CVE-2022-24344 | 2022-02-25 13h35 +00:00 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 5.4 | Medium |
| CVE-2022-24343 | 2022-02-25 13h35 +00:00 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 4.3 | Medium |
| CVE-2021-43184 | 2021-11-09 13h33 +00:00 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. | 5.4 | Medium |
| CVE-2021-43185 | 2021-11-09 13h32 +00:00 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | 9.8 | Critical |
| CVE-2021-43186 | 2021-11-09 13h25 +00:00 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. | 5.4 | Medium |
| CVE-2021-37554 | 2021-08-06 11h32 +00:00 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | 4.3 | Medium |
| CVE-2021-37553 | 2021-08-06 11h31 +00:00 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. | 7.5 | High |
| CVE-2021-37551 | 2021-08-06 11h31 +00:00 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | 5.3 | Medium |
| CVE-2021-37552 | 2021-08-06 11h30 +00:00 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | 5.4 | Medium |
| CVE-2021-37550 | 2021-08-06 11h29 +00:00 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. | 7.5 | High |