RSS   Vulnerabilities for 'Youtrack integration'   RSS

2019-07-03
 
CVE-2019-10100

CWE-74
 

 
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.

 

 >>> Vendor: Jetbrains 23 Products
Teamcity
Intellij idea
Dotpeek
Resharper ultimate
Youtrack integration
HUB
Youtrack
Kotlin
KTOR
Toolbox
Rider
VIM
Pycharm
Upsource
Resharper
Idetalk
Scala
Space
Goland
Phpstorm
Code with me
Webstorm
Rubymine


Copyright 2021, cxsecurity.com

 

Back to Top