CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37554
https://notcve.org/view.php?id=CVE-2021-37554
06 Aug 2021 — In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. En JetBrains YouTrack versiones anteriores a 2021.3.21051, un usuario podía visualizar tableros sin tener los permisos correspondientes • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37553
https://notcve.org/view.php?id=CVE-2021-37553
06 Aug 2021 — In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. En JetBrains YouTrack versiones anteriores a 2021.2.16363, era usado un PRNG no seguro • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37551
https://notcve.org/view.php?id=CVE-2021-37551
06 Aug 2021 — In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. En JetBrains YouTrack versiones anteriores a 2021.2.16363, unas contraseñas de usuarios del sistema estaban cifradas con SHA-256 • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37552
https://notcve.org/view.php?id=CVE-2021-37552
06 Aug 2021 — In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. En JetBrains YouTrack versiones anteriores a 2021.2.17925, era posible un ataque de tipo XSS almacenado • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37550
https://notcve.org/view.php?id=CVE-2021-37550
06 Aug 2021 — In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. En JetBrains YouTrack versiones anteriores a 2021.2.16363, eran usadas comparaciones no seguras en el tiempo • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 • CWE-697: Incorrect Comparison •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37549
https://notcve.org/view.php?id=CVE-2021-37549
06 Aug 2021 — In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. En JetBrains YouTrack versiones anteriores a 2021.1.11111, el sandboxing en los workflows era insuficiente • https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31905
https://notcve.org/view.php?id=CVE-2021-31905
11 May 2021 — In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. En JetBrains YouTrack versiones anteriores a 2020.6.8801, una divulgación de información en una vista previa de problemas fue posible • https://blog.jetbrains.com •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31902
https://notcve.org/view.php?id=CVE-2021-31902
11 May 2021 — In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. En JetBrains YouTrack versiones anteriores a 2020.6.6600, un control de acceso durante la exportación de problemas fue implementada inapropiadamente • https://blog.jetbrains.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31903
https://notcve.org/view.php?id=CVE-2021-31903
11 May 2021 — In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. En JetBrains YouTrack versiones anteriores a 2021.1.9819, el título de una petición de extracción no fue saneada suficientemente, conllevando a una vulnerabilidad de tipo XSS • https://blog.jetbrains.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27733
https://notcve.org/view.php?id=CVE-2021-27733
11 May 2021 — In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. En JetBrains YouTrack versiones anteriores a 2020.6.6441, fue posible ataques de tipo XSS almacenado por medio de una emisión de un archivo adjunto • https://blog.jetbrains.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •