CVE-2020-15817
https://notcve.org/view.php?id=CVE-2020-15817
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. En JetBrains YouTrack versiones anteriores a 2020.1.1331, un usuario externo podía ejecutar comandos frente a problemas arbitrarios • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 •
CVE-2020-15818
https://notcve.org/view.php?id=CVE-2020-15818
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. En JetBrains YouTrack versiones anteriores a 2020.2.8527, el flujo de trabajo de las subtareas podría revelar la existencia de un problema • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 •
CVE-2020-11693
https://notcve.org/view.php?id=CVE-2020-11693
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. JetBrains YouTrack versiones anteriores a la versión 2020.1.659, era vulnerable a una DoS que podría ser causado al adjuntar un archivo TIFF malformado a un problema. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 •
CVE-2020-11692
https://notcve.org/view.php?id=CVE-2020-11692
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. En JetBrains YouTrack versiones anteriores a la versión 2020.1.659, una exportación de DB era accesible a unos administradores de solo lectura. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 • CWE-276: Incorrect Default Permissions •
CVE-2020-7913
https://notcve.org/view.php?id=CVE-2020-7913
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. JetBrains YouTrack versiones 2019.2 anteriores a 2019.2.59309, era vulnerable a un ataque de tipo XSS por medio de una descripción de problema. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •