| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure |
| In JetBrains YouTrack before 2025.2.86069,
2024.3.85077,
2025.1.86199 email spoofing via an administrative API was possible |
| In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning |
| In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API |
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content |
| In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible |
| In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter |
| In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding |
| In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector |
