CVE-2024-28228
https://notcve.org/view.php?id=CVE-2024-28228
In JetBrains YouTrack before 2024.1.25893, creating comments on behalf of an arbitrary user in HelpDesk was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-290: Authentication Bypass by Spoofing
CVE-2024-22370
https://notcve.org/view.php?id=CVE-2024-22370
In JetBrains YouTrack before 2023.3.22666, stored XSS via Markdown was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50871
https://notcve.org/view.php?id=CVE-2023-50871
In JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missing. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-285: Improper Authorization
CVE-2023-38068
https://notcve.org/view.php?id=CVE-2023-38068
In JetBrains YouTrack before 2023.1.16597, captcha was not properly validated for Helpdesk forms. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-799: Improper Control of Interaction Frequency
CVE-2023-35054
https://notcve.org/view.php?id=CVE-2023-35054
In JetBrains YouTrack before 2023.1.10518, stored XSS in a Markdown-rendering engine was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')