CVE-2022-24347
https://notcve.org/view.php?id=CVE-2022-24347
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. JetBrains YouTrack versiones anteriores a 2021.4.36872 era vulnerable a un ataque de tipo XSS almacenado por medio de un icono de proyecto. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24344
https://notcve.org/view.php?id=CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. En JetBrains YouTrack versiones anteriores a 2021.4.31698 era vulnerable a un ataque de tipo XSS almacenado en la página de plantillas de notificaciones. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24343
https://notcve.org/view.php?id=CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. En JetBrains YouTrack versiones anteriores a 2021.4.31698, un usuario con permisos de sólo lectura podía establecer un logotipo personalizado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-276: Incorrect Default Permissions •
CVE-2021-43187
https://notcve.org/view.php?id=CVE-2021-43187
In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. En JetBrains YouTrack Mobile versiones anteriores a 2021.2, la caché del lado del cliente en iOS podría contener información confidencial • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 •
CVE-2021-43188
https://notcve.org/view.php?id=CVE-2021-43188
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. En JetBrains YouTrack Mobile versiones anteriores a 2021.2, la protección del token de acceso en iOS es incompleta • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 •