Vulnerabilities for 'Youtrack'

2022-02-25
 
CVE-2022-24442

CWE-74
 

 
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

 
 
CVE-2022-24343

CWE-276
 

 
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

 
 
CVE-2022-24344

CWE-79
 

 
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

 
 
CVE-2022-24347

CWE-79
 

 
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

 
2021-11-09
 
CVE-2021-43184

CWE-79
 

 
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

 
 
CVE-2021-43185

CWE-74
 

 
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

 
 
CVE-2021-43186

CWE-79
 

 
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

 
2021-08-06
 
CVE-2021-37549

NVD-CWE-noinfo
 

 
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

 
 
CVE-2021-37550

CWE-697
 

 
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

 
 
CVE-2021-37551

CWE-326
 

 
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

 


Copyright 2024, cxsecurity.com

 
