
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-290: Authentication Bypass by Spoofing

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-173: Improper Handling of Alternate Encoding

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal

CVSS: 3.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')