CVE-2020-7913
https://notcve.org/view.php?id=CVE-2020-7913
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. JetBrains YouTrack versiones 2019.2 anteriores a 2019.2.59309, era vulnerable a un ataque de tipo XSS por medio de una descripción de problema. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7912
https://notcve.org/view.php?id=CVE-2020-7912
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. En JetBrains YouTrack versiones anteriores a 2019.2.59309, la configuración SMTP/Jabber podría ser accedida usando copias de seguridad. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2019-18369
https://notcve.org/view.php?id=CVE-2019-18369
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. En JetBrains YouTrack versiones anteriores a 2019.2.55152, eliminar etiquetas de la lista de problemas era posible sin el permiso correspondiente. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVE-2019-14956
https://notcve.org/view.php?id=CVE-2019-14956
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. JetBrains YouTrack versiones anteriores a 2019.2.53938, estaba usando configuraciones incorrectas, permitiendo a un usuario sin los permisos necesarios obtener otros nombres de proyectos. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-281: Improper Preservation of Permissions •
CVE-2019-16171
https://notcve.org/view.php?id=CVE-2019-16171
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. En JetBrains YouTrack versiones hasta 2019.2.56594, se encontró una vulnerabilidad de tipo XSS almacenado en la página del asunto. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •