RSS   Vulnerabilities for 'Youtrack integration'   RSS

2019-07-03
 
CVE-2019-10100

CWE-74
 

 
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.

 

 >>> Vendor: Jetbrains 23 Products
VIM
Toolbox
HUB
Teamcity
Scala
Intellij idea
Dotpeek
Resharper ultimate
Youtrack integration
Youtrack
Kotlin
KTOR
Rider
Pycharm
Upsource
Resharper
Idetalk
Space
Goland
Phpstorm
Code with me
Webstorm
Rubymine


Copyright 2024, cxsecurity.com

 

Back to Top