CVE-2020-7913
https://notcve.org/view.php?id=CVE-2020-7913
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. JetBrains YouTrack versiones 2019.2 anteriores a 2019.2.59309, era vulnerable a un ataque de tipo XSS por medio de una descripción de problema. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7912
https://notcve.org/view.php?id=CVE-2020-7912
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. En JetBrains YouTrack versiones anteriores a 2019.2.59309, la configuración SMTP/Jabber podría ser accedida usando copias de seguridad. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2019-18369
https://notcve.org/view.php?id=CVE-2019-18369
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. En JetBrains YouTrack versiones anteriores a 2019.2.55152, eliminar etiquetas de la lista de problemas era posible sin el permiso correspondiente. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVE-2019-14956
https://notcve.org/view.php?id=CVE-2019-14956
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. JetBrains YouTrack versiones anteriores a 2019.2.53938, estaba usando configuraciones incorrectas, permitiendo a un usuario sin los permisos necesarios obtener otros nombres de proyectos. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-281: Improper Preservation of Permissions •
CVE-2019-15040
https://notcve.org/view.php?id=CVE-2019-15040
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. JetBrains YouTrack versiones anteriores a 2019.1, presentaban una vulnerabilidad de tipo CSRF en la página de configuración. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-352: Cross-Site Request Forgery (CSRF) •