RSS   Vulnerabilities for 'Youtrack'   RSS

2021-08-06
 
CVE-2021-37549

NVD-CWE-noinfo
 

 
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

 
 
CVE-2021-37550

CWE-697
 

 
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

 
 
CVE-2021-37551

CWE-326
 

 
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

 
 
CVE-2021-37552

CWE-79
 

 
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

 
 
CVE-2021-37553

CWE-338
 

 
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

 
 
CVE-2021-37554

CWE-200
 

 
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

 
2021-05-11
 
CVE-2021-27733

CWE-79
 

 
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

 
 
CVE-2021-31902

CWE-732
 

 
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

 
 
CVE-2021-31903

CWE-79
 

 
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

 
 
CVE-2021-31905

CWE-200
 

 
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

 


Copyright 2021, cxsecurity.com

 

Back to Top