CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15823
https://notcve.org/view.php?id=CVE-2020-15823
08 Aug 2020 — JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. JetBrains YouTrack versiones anteriores a 2020.2.8873, es vulnerable a un ataque de tipo SSRF en el componente Workflow • https://blog.jetbrains.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15821
https://notcve.org/view.php?id=CVE-2020-15821
08 Aug 2020 — In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. En JetBrains YouTrack versiones anteriores a 2020.2.6881, un usuario sin permiso puede crear un borrador de artículo • https://blog.jetbrains.com • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15820
https://notcve.org/view.php?id=CVE-2020-15820
08 Aug 2020 — In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. En JetBrains YouTrack versiones anteriores a 2020.2.6881, el analizador de rebajas podía divulgar la presencia de archivos ocultos • https://blog.jetbrains.com •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15819
https://notcve.org/view.php?id=CVE-2020-15819
08 Aug 2020 — JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. JetBrains YouTrack versiones anteriores a 2020.2.10643, era vulnerable a un ataque de tipo SSRF que permitía escanear puertos internos • https://blog.jetbrains.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15817
https://notcve.org/view.php?id=CVE-2020-15817
08 Aug 2020 — In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. En JetBrains YouTrack versiones anteriores a 2020.1.1331, un usuario externo podía ejecutar comandos frente a problemas arbitrarios • https://blog.jetbrains.com •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15818
https://notcve.org/view.php?id=CVE-2020-15818
08 Aug 2020 — In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. En JetBrains YouTrack versiones anteriores a 2020.2.8527, el flujo de trabajo de las subtareas podría revelar la existencia de un problema • https://blog.jetbrains.com •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11693
https://notcve.org/view.php?id=CVE-2020-11693
22 Apr 2020 — JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. JetBrains YouTrack versiones anteriores a la versión 2020.1.659, era vulnerable a una DoS que podría ser causado al adjuntar un archivo TIFF malformado a un problema. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11692
https://notcve.org/view.php?id=CVE-2020-11692
22 Apr 2020 — In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. En JetBrains YouTrack versiones anteriores a la versión 2020.1.659, una exportación de DB era accesible a unos administradores de solo lectura. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18369
https://notcve.org/view.php?id=CVE-2019-18369
31 Oct 2019 — In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. En JetBrains YouTrack versiones anteriores a 2019.2.55152, eliminar etiquetas de la lista de problemas era posible sin el permiso correspondiente. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14956
https://notcve.org/view.php?id=CVE-2019-14956
02 Oct 2019 — JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. JetBrains YouTrack versiones anteriores a 2019.2.53938, estaba usando configuraciones incorrectas, permitiendo a un usuario sin los permisos necesarios obtener otros nombres de proyectos. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-281: Improper Preservation of Permissions •