📦 YouTrack
by JetBrains
🛡️ Security Overview
⚠️ Known Vulnerabilities
This CVE describes a Server-Side Template Injection (SSTI) vulnerability in JetBrains YouTrack that allows attackers to execute arbitrary code on the server. It affects YouTrack instances running vers...
CVE-2021-43185 is a Host header injection vulnerability in JetBrains YouTrack that allows attackers to manipulate HTTP Host headers to perform web cache poisoning, redirect users to malicious sites, o...
This vulnerability stems from insufficient sandboxing in JetBrains YouTrack workflows, potentially enabling attackers to execute arbitrary code or bypass security restrictions. It affects all YouTrack ins...
This vulnerability is a server-side template injection (SSTI) in JetBrains YouTrack, allowing attackers to inject malicious templates that can execute arbitrary code on the server. It affects YouTrack...
This vulnerability in JetBrains YouTrack allows applications to send unauthorized requests to the app permissions endpoint, potentially enabling privilege escalation or unauthorized access. It affects...
This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious scripts into Mermaid diagram content that persists in the system and executes when viewe...
This vulnerability allows attackers to spoof emails through an administrative API in JetBrains YouTrack. Attackers could send emails appearing to come from legitimate sources, potentially tricking use...
This vulnerability in JetBrains YouTrack allows unauthorized deletion of issues due to missing permission checks in the API. Any YouTrack instance with users who shouldn't have issue deletion permissi...
This vulnerability in JetBrains YouTrack allows attackers to take over user accounts by spoofing email addresses and exploiting the Helpdesk integration. It affects all YouTrack instances running vers...
This vulnerability allows attackers to inject malicious JavaScript into Markdown content in JetBrains YouTrack's Classic UI. When exploited, it enables cross-site scripting (XSS) attacks that can stea...
This vulnerability in JetBrains YouTrack uses an insecure pseudo-random number generator (PRNG) that could allow attackers to predict generated values. This affects YouTrack instances before version 2...
This vulnerability in JetBrains YouTrack allows unauthorized information disclosure through issue previews. Attackers can potentially access sensitive data that should be restricted. Organizations usi...
This vulnerability in JetBrains YouTrack prevents administrators from accessing attachments stored in the system. It affects YouTrack administrators who need to review or manage user-uploaded files. T...
This Cross-Site Request Forgery (CSRF) vulnerability in JetBrains YouTrack allows attackers to trick authenticated users into uploading malicious attachments without their consent. It affects YouTrack...
JetBrains YouTrack versions before 2025.3.119033 expose access tokens in Mailbox logs, potentially allowing attackers to steal authentication credentials. This affects all YouTrack instances with Mail...
JetBrains YouTrack versions before 2024.3.55417 expose permanent authentication tokens in application logs. This vulnerability allows attackers with access to log files to steal tokens and impersonate...
This CVE describes a prototype pollution vulnerability in JetBrains YouTrack issue tracking software. Attackers can manipulate JavaScript object prototypes to modify application behavior, potentially ...
This vulnerability allows attackers to inject malicious scripts into JetBrains YouTrack web pages through specially crafted links. When users click these links, the scripts execute in their browsers, ...
This vulnerability allows attackers to inject malicious scripts into YouTrack comments due to improper HTML sanitization. When exploited, it enables cross-site scripting (XSS) attacks that could steal...
This vulnerability allows reflected cross-site scripting (XSS) attacks in JetBrains YouTrack's Widget API. Attackers can inject malicious scripts that execute in users' browsers when they click specia...
This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious Angular templates into Hub settings, which are then executed when other users view those...
This vulnerability in JetBrains YouTrack allows unauthorized users to access global application configuration data. It affects all YouTrack instances running versions before 2024.3.44799. The issue st...
This vulnerability allows users without proper permissions to enable the auto-attach option for workflows in JetBrains YouTrack. This could lead to unauthorized automation of workflow actions. All You...
This vulnerability allows guest users in JetBrains YouTrack to attach files to articles, which should be restricted. It affects YouTrack instances with guest accounts enabled that haven't been updated...
This vulnerability in JetBrains YouTrack allows man-in-the-middle attacks due to improper certificate hostname validation in SMTPS protocol communication. Attackers could intercept or manipulate email...
A race condition vulnerability in JetBrains YouTrack allows bypassing helpdesk Agent license limits. This affects organizations using YouTrack's helpdesk functionality with concurrent user access. Att...