JetBrains YouTrack 2023.3.26285

CPE Details

JetBrains YouTrack 2023.3.26285
jetbrains
youtrack
2023.3.26285
2024-12-16
18h36 +00:00
2024-12-16
18h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jetbrains:youtrack:2023.3.26285:*:*:*:*:*:*:*

Informations

Vendor

jetbrains

Product

youtrack

Version

2023.3.26285

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-24458 2025-01-21 17h23 +00:00 In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
7.8
High
CVE-2025-24457 2025-01-21 17h23 +00:00 In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
5.5
Medium
CVE-2024-54158 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
5.3
Medium
CVE-2024-54157 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
6.5
Medium
CVE-2024-54156 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
6.5
Medium
CVE-2024-54155 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
5.3
Medium
CVE-2024-54154 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
9.8
Critical
CVE-2024-54153 2024-12-04 11h16 +00:00 In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
6.5
Medium
CVE-2024-50582 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
5.4
Medium
CVE-2024-50581 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
5.4
Medium
CVE-2024-50580 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
5.4
Medium
CVE-2024-50579 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
6.1
Medium
CVE-2024-50578 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
5.4
Medium
CVE-2024-50577 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
5.4
Medium
CVE-2024-50576 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
5.4
Medium
CVE-2024-50575 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
6.1
Medium
CVE-2024-50574 2024-10-28 12h55 +00:00 In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
7.5
High
CVE-2024-49579 2024-10-17 13h00 +00:00 In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
8.1
High
CVE-2024-48902 2024-10-10 10h34 +00:00 In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
5.4
Medium
CVE-2024-47162 2024-09-19 17h20 +00:00 In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
5.3
Medium
CVE-2024-47160 2024-09-19 17h20 +00:00 In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
5.3
Medium
CVE-2024-47159 2024-09-19 17h20 +00:00 In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
4.3
Medium
CVE-2024-38506 2024-06-18 10h42 +00:00 In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
8.1
High
CVE-2024-38505 2024-06-18 10h42 +00:00 In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
7.5
High
CVE-2024-38504 2024-06-18 10h42 +00:00 In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
5.3
Medium
CVE-2024-35299 2024-05-16 10h31 +00:00 In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
7.5
High
CVE-2024-28230 2024-03-07 11h40 +00:00 In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
6.5
Medium
CVE-2024-28229 2024-03-07 11h39 +00:00 In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
6.5
Medium
CVE-2024-28228 2024-03-07 11h39 +00:00 In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
5.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.