CVE-2024-50579
📋 TL;DR
This is a reflected cross-site scripting (XSS) vulnerability: attackers can inject malicious scripts into JetBrains YouTrack web pages through specially crafted links. When users click such a link, the script executes in their browser in the context of the YouTrack site, potentially stealing session cookies or performing unauthorized actions as that user. All YouTrack instances running vulnerable versions are affected.
💻 Affected Systems
- JetBrains YouTrack
📦 What is this software?
YouTrack, an issue-tracking and project-management web application by JetBrains.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, gain full control of the YouTrack instance, access sensitive issue data, modify projects, or pivot to internal systems.
Likely Case
Attackers steal user session cookies to impersonate users, access their private issues, or perform actions on their behalf within YouTrack.
If Mitigated
With proper web application firewalls and content security policies, the attack would be blocked or limited to non-sensitive actions.
🎯 Exploit Status
Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once the vulnerability is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.3.47707
Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
Restart Required: Yes
Instructions:
1. Back up your YouTrack instance.
2. Download YouTrack 2024.3.47707 or later from JetBrains.
3. Stop the YouTrack service.
4. Install the updated version.
5. Start the YouTrack service.
6. Verify that the running version is updated.
🔧 Temporary Workarounds
Implement Content Security Policy
Add a strict Content Security Policy header to block inline script execution.
Add the header Content-Security-Policy: script-src 'self' to the web server or reverse proxy configuration. Test the policy against YouTrack's own pages first: a policy without 'unsafe-inline' is what stops injected inline scripts, but it can also block legitimate inline scripts the application relies on.
Web Application Firewall Rules
Configure the WAF to detect and block XSS payloads in URL parameters.
Add WAF rules to block patterns like <script>, javascript:, and on* attributes in URLs. Treat this as a best-effort layer only: simple string rules do not catch percent-encoded or otherwise obfuscated variants, so patching remains the real fix.
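The CSP workaround above only helps if the effective script policy actually forbids inline scripts. The following is an added example (not part of this advisory and not JetBrains code) that parses a Content-Security-Policy header value as returned by the web server or reverse proxy and reports the weaknesses that would leave reflected XSS exploitable: a missing script-src/default-src directive, 'unsafe-inline' without a nonce or hash source, 'unsafe-eval', and wildcard-style sources. The header values in the usage section are constructed samples.

```python
from typing import Dict, List

# Source expressions that allow scripts from effectively arbitrary origins.
_BROAD_SOURCES = {"*", "http:", "https:", "data:"}
_NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header value into {directive: [sources]}.

    Directives are separated by ';', and each directive is a name followed by
    whitespace-separated source expressions. Names are lower-cased; sources are
    kept as written so host names stay readable.
    """
    directives: Dict[str, List[str]] = {}
    for chunk in header_value.split(";"):
        parts = chunk.strip().split()
        if not parts:
            continue
        directives[parts[0].lower()] = parts[1:]
    return directives


def script_policy_findings(header_value: str) -> List[str]:
    """Return the weaknesses in the effective script-src policy.

    An empty list means inline scripts are blocked and script sources are
    restricted to named origins. script-src falls back to default-src, as
    browsers do when script-src is absent.
    """
    directives = parse_csp(header_value)
    sources = directives.get("script-src")
    if sources is None:
        sources = directives.get("default-src")
    if sources is None:
        return ["no script-src or default-src directive: scripts are unrestricted"]

    lowered = [s.lower() for s in sources]
    findings: List[str] = []

    # Per CSP level 2/3, 'unsafe-inline' is ignored when a nonce or hash source
    # is present, so only flag it when nothing neutralises it.
    has_nonce_or_hash = any(s.startswith(_NONCE_OR_HASH_PREFIXES) for s in lowered)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' allows injected inline scripts to run")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' allows string-to-code execution")
    for source in lowered:
        if source in _BROAD_SOURCES:
            findings.append(f"overly broad source {source} permits scripts from arbitrary origins")
    return findings


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real instance.
    samples = [
        "script-src 'self'",
        "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "img-src 'self'",
        "script-src *",
    ]
    for value in samples:
        print(repr(value), "->", script_policy_findings(value) or "OK")
```

Run it against the header your proxy actually emits (for example the value shown by curl -sI on a YouTrack page) rather than the value you intended to configure; misplaced or overridden headers are a common reason a policy is weaker than expected.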
🧯 If You Can't Patch
- Implement strict input validation on all URL parameters to reject suspicious characters
- Deploy a reverse proxy with XSS filtering between users and YouTrack
🔍 How to Verify
Check if Vulnerable:
Check if YouTrack version is below 2024.3.47707 in the administration interface or via API
Check Version:
curl -s http://youtrack-instance/rest/admin/version | grep version
Verify Fix Applied:
Confirm version is 2024.3.47707 or higher and test that malicious script payloads in URLs are properly sanitized
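When comparing the reported version against the fixed build, compare it numerically rather than as a string: a plain string comparison ranks a later 2024.10 release below 2024.3. The following is an added example (not from this advisory or from JetBrains) that parses a YouTrack-style YYYY.N.BUILD version string, as shown in the administration interface or returned by the version check above, and reports whether it predates 2024.3.47707. The function name and the sample version strings are assumptions for illustration.

```python
import re
from typing import Optional, Tuple

# Fixed build taken from the advisory above.
FIXED_VERSION = "2024.3.47707"

# YouTrack versions have the shape <year>.<release>.<build>.
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)\s*$")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'YYYY.N.BUILD' into an integer tuple that compares correctly.

    Returns None when the string does not have that shape, so callers can
    distinguish 'unknown' from 'old'.
    """
    match = _VERSION_RE.match(version)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2)), int(match.group(3))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if `version` is older than the fixed build, False if fixed or newer.

    Returns None when either string cannot be parsed; treat that as
    'unverified', never as 'safe'.
    """
    parsed = parse_version(version)
    fixed_parsed = parse_version(fixed)
    if parsed is None or fixed_parsed is None:
        return None
    return parsed < fixed_parsed


if __name__ == "__main__":
    # Constructed sample inputs, not data from a real instance.
    for sample in ["2024.3.47000", "2024.3.47707", "2024.10.1", "2023.2.99999", "n/a"]:
        print(f"{sample:>14} -> vulnerable={is_vulnerable(sample)}")
```

Feed it the version string extracted from the admin page or API response; if the endpoint returns JSON, pull the version field out first rather than grepping the raw body.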
📡 Detection & Monitoring
Log Indicators:
- Unusually long URLs containing script tags or javascript: in access logs
- Multiple failed login attempts from the same IP after suspicious URL access
Network Indicators:
- HTTP requests with script tags or encoded payloads in query parameters
- Unusual outbound connections from YouTrack server after suspicious URL access
SIEM Query:
source="youtrack_access.log" AND (url="*<script>*" OR url="*javascript:*" OR url="*onclick=*" OR url="*onerror=*")
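The SIEM query above matches only literal, unencoded patterns, while the network indicators note that payloads often arrive percent-encoded. The following is an added example (not part of this advisory) that applies the same three indicator families to web-server access log lines after bounded URL decoding, so single- and double-encoded variants are also surfaced; it goes beyond the query by decoding and by requiring on*= to appear in an attribute-like position, which avoids flagging ordinary query parameters such as online=1. The log lines are constructed samples in combined-log format, and the log layout regex is an assumption about that format.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Indicator families listed in the Detection & Monitoring section.
# The event-handler pattern requires a quote, space, slash or angle bracket
# before "on...=" so that query parameters like "?online=1" are not flagged.
_PATTERNS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "event_handler": re.compile(r"""(?:^|[\s"'/<>])on[a-z]+\s*=""", re.IGNORECASE),
}

# Combined-log-format line: ip ident user [timestamp] "METHOD url PROTO" status ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_url(url: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly, up to `rounds` times, until the value stops changing.

    Double-encoded payloads (e.g. %253C for '<') decode to the literal on the
    second pass; the bound keeps pathological input from looping.
    """
    current = url
    for _ in range(rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def scan_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for one access-log line, or None if it is clean or unparseable."""
    match = _LOG_RE.match(line)
    if not match:
        return None
    url = normalize_url(match.group("url"))
    hits = [name for name, pattern in _PATTERNS.items() if pattern.search(url)]
    if not hits:
        return None
    return {
        "ip": match.group("ip"),
        "timestamp": match.group("ts"),
        "url": match.group("url"),
        "decoded_url": url,
        "indicators": hits,
    }


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Scan many lines and keep only the ones with indicators."""
    return [finding for finding in (scan_line(line) for line in lines) if finding is not None]


# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2024:10:01:02 +0000] "GET /issues?q=project%3AAPP HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Dec/2024:10:01:09 +0000] "GET /issue/APP-1?x=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 800',
    '198.51.100.9 - - [10/Dec/2024:10:02:00 +0000] "GET /issues?q=%2522%2520onerror%253Dalert HTTP/1.1" 200 700',
    '198.51.100.9 - - [10/Dec/2024:10:02:05 +0000] "GET /issues?q=javascript:void(0) HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Dec/2024:10:03:00 +0000] "GET /dashboard?online=1&onboarding=done HTTP/1.1" 200 410',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["timestamp"], finding["ip"], finding["indicators"], finding["decoded_url"])
```

Correlate the flagged client addresses with the login-failure indicator above; a hit followed by activity under a different user's session is the pattern worth escalating.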