CVE-2024-48902
https://notcve.org/view.php?id=CVE-2024-48902
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVE-2024-47162
https://notcve.org/view.php?id=CVE-2024-47162
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVE-2024-47160
https://notcve.org/view.php?id=CVE-2024-47160
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-47159
https://notcve.org/view.php?id=CVE-2024-47159
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-38506
https://notcve.org/view.php?id=CVE-2024-38506
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows En JetBrains YouTrack anterior a 2024.2.34646, el usuario sin los permisos adecuados podía habilitar la opción de conexión automática para flujos de trabajo • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •