Known Vulnerabilities for Youtrack by Jetbrains
Listed below are 10 of the newest known vulnerabilities associated with "Youtrack" by "Jetbrains".
These CVEs are retrieved by exact match on the listed software, hardware, and vendor information (CPE data), supplemented by a keyword search so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24442 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 - CRITICAL | 2022-02-25 | 2023-08-08 |
| CVE-2022-24347 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 5.4 - MEDIUM | 2022-02-25 | 2022-03-04 |
| CVE-2022-24344 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 5.4 - MEDIUM | 2022-02-25 | 2022-03-04 |
| CVE-2022-24343 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 4.3 - MEDIUM | 2022-02-25 | 2022-03-04 |
| CVE-2021-25770 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execut... | 9.8 - CRITICAL | 2021-02-03 | 2021-02-05 |
| CVE-2021-25769 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. | 7.5 - HIGH | 2021-02-03 | 2021-02-05 |
| CVE-2021-25768 | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. | 5.3 - MEDIUM | 2021-02-03 | 2022-07-12 |
| CVE-2021-25767 | In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. | 5.3 - MEDIUM | 2021-02-03 | 2022-06-28 |
| CVE-2021-25766 | In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. | 5.3 - MEDIUM | 2021-02-03 | 2021-02-08 |
| CVE-2021-25765 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | 8.8 - HIGH | 2021-02-03 | 2021-02-04 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jetbrains | Youtrack | 7.0.29566 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.28958 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.28450 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.28110 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.27965 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.27777 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.27705 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.27676 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.26927 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.26754 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.26630 | All | All | All |
| Application | Jetbrains | Youtrack | 7.0.26198 | All | All | All |
| Application | Jetbrains | Youtrack | 6.5.17122 | All | All | All |
| Application | Jetbrains | Youtrack | 6.5.17105 | All | All | All |
| Application | Jetbrains | Youtrack | 6.5.17057 | All | All | All |
| Application | Jetbrains | Youtrack | 6.5.17031 | All | All | All |
| Application | Jetbrains | Youtrack | 6.0.12634 | All | All | All |
| Application | Jetbrains | Youtrack | 6.0.12124 | All | All | All |
| Application | Jetbrains | Youtrack | 5.2.5 | All | All | All |
| Application | Jetbrains | Youtrack | 4.2.4 | All | All | All |