CVE-2024-50577
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious Angular templates into Hub settings, which are then executed when other users view those settings. It affects YouTrack instances running versions before 2024.3.47707. Attackers could potentially steal session cookies, perform actions as authenticated users, or redirect users to malicious sites.
💻 Affected Systems
- JetBrains YouTrack
📦 What is this software?
YouTrack by JetBrains
⚠️ Risk & Real-World Impact
Worst Case
An attacker could steal administrator session cookies, gain full administrative access to the YouTrack instance, compromise user accounts, and potentially pivot to internal systems.
Likely Case
Attackers with access to Hub settings could inject malicious scripts that steal session cookies or perform unauthorized actions when other users view those settings.
If Mitigated
With proper input validation and output encoding, the injected scripts would be rendered harmless as text rather than executable code.
🎯 Exploit Status
Exploitation requires some level of access to Hub settings, but the actual injection is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.3.47707
Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
Restart Required: Yes
Instructions:
1. Back up your YouTrack instance.
2. Download YouTrack version 2024.3.47707 or later from JetBrains.
3. Follow the JetBrains upgrade documentation for your deployment method (Docker, standalone, etc.).
4. Restart the YouTrack service.
🔧 Temporary Workarounds
Restrict Hub Settings Access
Limit access to Hub settings functionality to essential administrators only.
Content Security Policy
Implement strict Content Security Policy headers to limit the impact of XSS.
🧯 If You Can't Patch
- Implement strict input validation and output encoding for all user-controlled data in Hub settings
- Monitor and audit all changes to Hub settings for suspicious activity
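The input-validation and output-encoding layer described above, as an added example that is not JetBrains' code and does not use YouTrack's real settings API (a Hub setting is assumed here to be a plain free-text value rendered into an Angular-backed page). The point it makes is that HTML escaping alone does not neutralize template interpolation, because `{{` and `}}` are not HTML-special, so the value must also be rejected or stripped before it ever reaches a template:

```python
import html
import re

# Assumption: the settings UI uses AngularJS's default "{{ ... }}"
# interpolation delimiters. HTML encoding leaves these untouched, so they
# are handled as an input-validation rule rather than an encoding step.
INTERPOLATION_RE = re.compile(r"\{\{|\}\}")


class InvalidSettingValue(ValueError):
    """Raised when a submitted setting value fails validation."""


def validate_setting_value(value: str, max_len: int = 256) -> str:
    """Input validation for a hypothetical free-text Hub setting.

    Rejects template interpolation markers and control characters and
    enforces a length cap; returns the value unchanged if it passes.
    """
    if len(value) > max_len:
        raise InvalidSettingValue("value exceeds maximum length")
    if INTERPOLATION_RE.search(value):
        raise InvalidSettingValue("template interpolation syntax is not allowed")
    if any(ord(ch) < 0x20 and ch not in "\t\n" for ch in value):
        raise InvalidSettingValue("control characters are not allowed")
    return value


def is_valid_setting_value(value: str) -> bool:
    """Boolean wrapper around validate_setting_value for callers and tests."""
    try:
        validate_setting_value(value)
    except InvalidSettingValue:
        return False
    return True


def encode_for_html(value: str) -> str:
    """Output encoding: escape <, >, &, " and ' so markup renders as text."""
    return html.escape(value, quote=True)


def render_setting(value: str) -> str:
    """Validate, then encode. The result is safe to place in an HTML text
    node or attribute; a value carrying interpolation syntax never gets this
    far because validation rejects it first."""
    return encode_for_html(validate_setting_value(value))


def is_neutralized(rendered: str) -> bool:
    """Self-check: no raw markup characters or interpolation delimiters remain."""
    return re.search(r"[<>\"']|\{\{|\}\}", rendered) is None


if __name__ == "__main__":
    # Constructed sample values: benign, HTML markup, template syntax.
    for sample in ["Acme Corp", '<b>Acme</b> "Inc"', "{{ greeting }}"]:
        try:
            print(repr(sample), "->", repr(render_setting(sample)))
        except InvalidSettingValue as exc:
            print(repr(sample), "-> rejected:", exc)
```

Applied on the server side before the value is stored, this gives two independent barriers: values that would be interpreted as a template never persist, and anything that does persist is rendered as literal text.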
🔍 How to Verify
Check if Vulnerable:
Check YouTrack version in Administration → System Settings → About
Check Version:
For Docker: docker exec youtrack-container cat /opt/youtrack/version.txt
Verify Fix Applied:
Verify version is 2024.3.47707 or later in Administration → System Settings → About
📡 Detection & Monitoring
Log Indicators:
- Unusual modifications to Hub settings
- Angular template syntax in settings fields
- Multiple failed login attempts followed by settings changes
Network Indicators:
- Unexpected outbound connections from YouTrack server after settings changes
- Suspicious JavaScript payloads in HTTP requests
SIEM Query:
source="youtrack" AND ("Hub settings" OR "angular template") AND (modif* OR update* OR change*)
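The log indicators listed above, turned into a scan over audit lines as an added example (not a YouTrack or JetBrains tool). The line layout `<timestamp> <user> <event> [field=<name> value=<text>]` and the event names are assumptions for this example, not YouTrack's real log format, and the sample lines are constructed. It flags settings updates whose value carries Angular template syntax or script markup, and correlates each update with failed logins for the same account shortly beforehand:

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit lines in an assumed layout (not YouTrack's format).
SAMPLE_LOG = """\
2024-11-01T10:02:11Z alice hub.settings.update field=title value=Acme Tracker
2024-11-01T10:04:20Z bob auth.login.failed
2024-11-01T10:04:31Z bob auth.login.failed
2024-11-01T10:04:40Z bob auth.login.failed
2024-11-01T10:04:52Z bob auth.login.success
2024-11-01T10:05:43Z bob hub.settings.update field=footer value=Hello {{ greeting }}
2024-11-01T10:06:02Z bob hub.settings.update field=banner value=<script>/* constructed */</script>
2024-11-01T10:09:15Z carol hub.settings.update field=title value=Use {curly} braces sparingly
2024-11-01T10:11:30Z alice hub.settings.update field=footer value=Contact support
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<event>\S+)"
    r"(?: field=(?P<setting>\S+) value=(?P<value>.*))?$"
)

# Heuristic content indicators; names are reported as the reason for a finding.
INDICATORS = [
    ("angular-interpolation", re.compile(r"\{\{.*?\}\}", re.S)),
    ("angular-directive", re.compile(r"\bng-[a-z-]+\s*=", re.I)),
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler-attr", re.compile(r"\bon[a-z]+\s*=", re.I)),
]


@dataclass
class Event:
    ts: datetime
    user: str
    event: str
    setting: str = ""
    value: str = ""


@dataclass
class Finding:
    ts: datetime
    user: str
    setting: str
    reasons: list


def parse_line(line: str) -> Event:
    """Parse one audit line in the assumed layout."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    return Event(
        ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        user=m["user"],
        event=m["event"],
        setting=m["setting"] or "",
        value=m["value"] or "",
    )


def scan_log(text: str, failed_threshold: int = 3,
             window: timedelta = timedelta(minutes=10)) -> list:
    """Return a Finding for each settings update that carries a content
    indicator or follows a burst of failed logins by the same user."""
    failed_logins = defaultdict(list)
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.event == "auth.login.failed":
            failed_logins[ev.user].append(ev.ts)
        elif ev.event == "hub.settings.update":
            reasons = [name for name, rx in INDICATORS if rx.search(ev.value)]
            recent = [t for t in failed_logins[ev.user]
                      if timedelta(0) <= ev.ts - t <= window]
            if len(recent) >= failed_threshold:
                minutes = int(window.total_seconds() // 60)
                reasons.append(f"{len(recent)} failed logins within {minutes} min")
            if reasons:
                findings.append(Finding(ev.ts, ev.user, ev.setting, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts:%H:%M:%S} {f.user} {f.setting}: {', '.join(f.reasons)}")
```

The content patterns are deliberately coarse (single braces, as in carol's title, do not trigger) so the scan can run over every settings change; the failed-login correlation is what separates an administrator fixing a typo from an account that was just brute-forced and immediately used to edit settings.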