Search criteria

59 vulnerabilities found for youtrack by jetbrains

CVE-2026-57926 (GCVE-0-2026-57926)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:26:32.244498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1321",
                "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:45:02.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:19.536Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57926",
    "datePublished": "2026-06-26T12:38:19.536Z",
    "dateReserved": "2026-06-26T12:21:24.396Z",
    "dateUpdated": "2026-06-26T13:45:02.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57925 (GCVE-0-2026-57925)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:26:51.590681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:45:18.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:19.039Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57925",
    "datePublished": "2026-06-26T12:38:19.039Z",
    "dateReserved": "2026-06-26T12:21:24.090Z",
    "dateUpdated": "2026-06-26T13:45:18.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57924 (GCVE-0-2026-57924)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:27:13.533690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:45:33.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:18.647Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57924",
    "datePublished": "2026-06-26T12:38:18.647Z",
    "dateReserved": "2026-06-26T12:21:23.827Z",
    "dateUpdated": "2026-06-26T13:45:33.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57923 (GCVE-0-2026-57923)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:27:33.706322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:45:47.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:18.291Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57923",
    "datePublished": "2026-06-26T12:38:18.291Z",
    "dateReserved": "2026-06-26T12:21:23.467Z",
    "dateUpdated": "2026-06-26T13:45:47.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57922 (GCVE-0-2026-57922)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:27:56.424537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:46:03.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:17.932Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57922",
    "datePublished": "2026-06-26T12:38:17.932Z",
    "dateReserved": "2026-06-26T12:21:23.232Z",
    "dateUpdated": "2026-06-26T13:46:03.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57921 (GCVE-0-2026-57921)

Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
VLAI?
Summary
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:28:23.594340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:46:22.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.2.16593",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users\u0027 private data via the comment templates endpoint"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T12:38:17.373Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-57921",
    "datePublished": "2026-06-26T12:38:17.373Z",
    "dateReserved": "2026-06-26T12:21:22.954Z",
    "dateUpdated": "2026-06-26T13:46:22.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49386 (GCVE-0-2026-49386)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:03
VLAI?
Summary
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.1.13570 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:03:42.193474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:03:55.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.1.13570",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T18:15:54.714Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-49386",
    "datePublished": "2026-05-29T18:15:54.714Z",
    "dateReserved": "2026-05-29T18:08:00.835Z",
    "dateUpdated": "2026-05-29T19:03:55.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49385 (GCVE-0-2026-49385)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:27
VLAI?
Summary
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.1.13570 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:24:24.552797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:27:11.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.1.13570",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T18:15:54.342Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-49385",
    "datePublished": "2026-05-29T18:15:54.342Z",
    "dateReserved": "2026-05-29T18:08:00.467Z",
    "dateUpdated": "2026-05-29T19:27:11.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49370 (GCVE-0-2026-49370)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:30
VLAI?
Summary
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.1.13162 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:17:10.560332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:30:39.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.1.13162",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T18:15:47.385Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-49370",
    "datePublished": "2026-05-29T18:15:47.385Z",
    "dateReserved": "2026-05-29T18:07:54.578Z",
    "dateUpdated": "2026-05-29T19:30:39.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49369 (GCVE-0-2026-49369)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:30
VLAI?
Summary
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.1.13162 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:17:02.648430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:30:54.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.1.13162",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T18:15:46.993Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-49369",
    "datePublished": "2026-05-29T18:15:46.993Z",
    "dateReserved": "2026-05-29T18:07:53.871Z",
    "dateUpdated": "2026-05-29T19:30:54.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49368 (GCVE-0-2026-49368)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:31
VLAI?
Summary
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2026.1.13162 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49368",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:16:39.207550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:31:08.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2026.1.13162",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T18:15:46.548Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-49368",
    "datePublished": "2026-05-29T18:15:46.548Z",
    "dateReserved": "2026-05-29T18:07:53.529Z",
    "dateUpdated": "2026-05-29T19:31:08.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33392 (GCVE-0-2026-33392)

Vulnerability from cvelistv5 – Published: 2026-04-17 07:46 – Updated: 2026-04-18 03:55
VLAI?
Summary
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.131383 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33392",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-18T03:55:54.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.131383",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T07:46:11.710Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-33392",
    "datePublished": "2026-04-17T07:46:11.710Z",
    "dateReserved": "2026-03-19T12:17:14.827Z",
    "dateUpdated": "2026-04-18T03:55:54.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28193 (GCVE-0-2026-28193)

Vulnerability from cvelistv5 – Published: 2026-02-25 12:57 – Updated: 2026-02-26 14:44
VLAI?
Summary
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.121962 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T04:55:49.115945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:06.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.121962",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T12:57:27.463Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-28193",
    "datePublished": "2026-02-25T12:57:27.463Z",
    "dateReserved": "2026-02-25T12:35:11.990Z",
    "dateUpdated": "2026-02-26T14:44:06.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25846 (GCVE-0-2026-25846)

Vulnerability from cvelistv5 – Published: 2026-02-09 10:38 – Updated: 2026-02-09 13:46
VLAI?
Summary
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.119033 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T13:45:33.033939Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T13:46:19.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.119033",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T10:38:59.786Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2026-25846",
    "datePublished": "2026-02-09T10:38:59.786Z",
    "dateReserved": "2026-02-06T14:16:36.496Z",
    "dateUpdated": "2026-02-09T13:46:19.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64773 (GCVE-0-2025-64773)

Vulnerability from cvelistv5 – Published: 2025-11-11 15:23 – Updated: 2025-12-11 19:00
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.104432 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T14:54:17.572310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T19:00:41.658Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.104432",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:23:19.653Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-64773",
    "datePublished": "2025-11-11T15:23:19.653Z",
    "dateReserved": "2025-11-11T15:02:03.361Z",
    "dateUpdated": "2025-12-11T19:00:41.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64685 (GCVE-0-2025-64685)

Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2026-02-26 17:47
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.104432 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-11T04:55:36.836757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:05.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.104432",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T13:27:58.093Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-64685",
    "datePublished": "2025-11-10T13:27:58.093Z",
    "dateReserved": "2025-11-07T15:10:50.666Z",
    "dateUpdated": "2026-02-26T17:47:05.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64684 (GCVE-0-2025-64684)

Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-11-10 14:50
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.3.104432 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-10T14:50:18.554610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-10T14:50:23.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.3.104432",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-10T13:27:57.428Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-64684",
    "datePublished": "2025-11-10T13:27:57.428Z",
    "dateReserved": "2025-11-07T15:10:50.072Z",
    "dateUpdated": "2025-11-10T14:50:23.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57731 (GCVE-0-2025-57731)

Vulnerability from cvelistv5 – Published: 2025-08-20 09:13 – Updated: 2025-08-20 15:25
VLAI?
Summary
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.2.92387 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-20T15:25:36.966962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-20T15:25:43.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.2.92387",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T09:13:59.700Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-57731",
    "datePublished": "2025-08-20T09:13:59.700Z",
    "dateReserved": "2025-08-18T16:11:20.831Z",
    "dateUpdated": "2025-08-20T15:25:43.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54527 (GCVE-0-2025-54527)

Vulnerability from cvelistv5 – Published: 2025-07-28 16:20 – Updated: 2025-07-28 17:26
VLAI?
Summary
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T17:26:11.203576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T17:26:29.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T16:20:38.600Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-54527",
    "datePublished": "2025-07-28T16:20:38.600Z",
    "dateReserved": "2025-07-24T11:12:07.461Z",
    "dateUpdated": "2025-07-28T17:26:29.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53959 (GCVE-0-2025-53959)

Vulnerability from cvelistv5 – Published: 2025-07-15 16:26 – Updated: 2025-07-15 17:21
VLAI?
Summary
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.2.86069, 2024.3.85077, 2025.1.86199 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T17:21:31.195359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T17:21:45.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.2.86069, \n2024.3.85077, \n2025.1.86199",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.2.86069, \n2024.3.85077, \n2025.1.86199 email spoofing via an administrative API was possible"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T16:26:57.469Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-53959",
    "datePublished": "2025-07-15T16:26:57.469Z",
    "dateReserved": "2025-07-15T13:28:27.463Z",
    "dateUpdated": "2025-07-15T17:21:45.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47850 (GCVE-0-2025-47850)

Vulnerability from cvelistv5 – Published: 2025-05-20 17:37 – Updated: 2025-05-20 17:51
VLAI?
Summary
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.1.74704 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47850",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T17:51:09.290809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T17:51:14.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.1.74704",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T17:37:43.234Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-47850",
    "datePublished": "2025-05-20T17:37:43.234Z",
    "dateReserved": "2025-05-12T13:17:05.813Z",
    "dateUpdated": "2025-05-20T17:51:14.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48391 (GCVE-0-2025-48391)

Vulnerability from cvelistv5 – Published: 2025-05-20 17:37 – Updated: 2025-05-20 17:51
VLAI?
Summary
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2025.1.76253 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T17:51:22.249064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T17:51:27.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2025.1.76253",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T17:37:42.265Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-48391",
    "datePublished": "2025-05-20T17:37:42.265Z",
    "dateReserved": "2025-05-19T16:15:34.137Z",
    "dateUpdated": "2025-05-20T17:51:27.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24458 (GCVE-0-2025-24458)

Vulnerability from cvelistv5 – Published: 2025-01-21 17:23 – Updated: 2025-01-21 18:41
VLAI?
Summary
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.55417 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24458",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T18:39:30.465948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T18:41:51.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.55417",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T17:23:18.934Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-24458",
    "datePublished": "2025-01-21T17:23:18.934Z",
    "dateReserved": "2025-01-21T17:22:31.411Z",
    "dateUpdated": "2025-01-21T18:41:51.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24457 (GCVE-0-2025-24457)

Vulnerability from cvelistv5 – Published: 2025-01-21 17:23 – Updated: 2025-01-21 18:41
VLAI?
Summary
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.55417 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T18:35:34.628804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T18:41:57.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.55417",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T17:23:18.057Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-24457",
    "datePublished": "2025-01-21T17:23:18.057Z",
    "dateReserved": "2025-01-21T17:22:30.852Z",
    "dateUpdated": "2025-01-21T18:41:57.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54158 (GCVE-0-2024-54158)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:09
VLAI?
Summary
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.52635 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:04:37.684211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:10.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.52635",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-173",
              "description": "CWE-173",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:27.904Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54158",
    "datePublished": "2024-12-04T11:16:27.904Z",
    "dateReserved": "2024-11-29T19:00:20.261Z",
    "dateUpdated": "2024-12-04T14:09:10.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54157 (GCVE-0-2024-54157)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:09
VLAI?
Summary
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.52635 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:04:45.507258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:10.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.52635",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:27.323Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54157",
    "datePublished": "2024-12-04T11:16:27.323Z",
    "dateReserved": "2024-11-29T19:00:19.889Z",
    "dateUpdated": "2024-12-04T14:09:10.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54156 (GCVE-0-2024-54156)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:09
VLAI?
Summary
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.52635 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:04:51.351708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:10.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.52635",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:26.573Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54156",
    "datePublished": "2024-12-04T11:16:26.573Z",
    "dateReserved": "2024-11-29T19:00:19.370Z",
    "dateUpdated": "2024-12-04T14:09:10.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54155 (GCVE-0-2024-54155)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:09
VLAI?
Summary
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.51866 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:04:58.126520Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:11.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.51866",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:25.997Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54155",
    "datePublished": "2024-12-04T11:16:25.997Z",
    "dateReserved": "2024-11-29T19:00:18.864Z",
    "dateUpdated": "2024-12-04T14:09:11.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54154 (GCVE-0-2024-54154)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:25
VLAI?
Summary
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.51866 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "youtrack",
            "vendor": "jetbrains",
            "versions": [
              {
                "lessThan": "2024.3.51866",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:24:44.103024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:25:35.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.51866",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:25.244Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54154",
    "datePublished": "2024-12-04T11:16:25.244Z",
    "dateReserved": "2024-11-29T19:00:18.273Z",
    "dateUpdated": "2024-12-04T14:25:35.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54153 (GCVE-0-2024-54153)

Vulnerability from cvelistv5 – Published: 2024-12-04 11:16 – Updated: 2024-12-04 14:09
VLAI?
Summary
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CWE
Assigner
Impacted products
Vendor Product Version
JetBrains YouTrack Affected: 0 , < 2024.3.51866 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:05:04.694329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:09:11.280Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTrack",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.3.51866",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T11:16:24.494Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2024-54153",
    "datePublished": "2024-12-04T11:16:24.494Z",
    "dateReserved": "2024-11-29T19:00:17.592Z",
    "dateUpdated": "2024-12-04T14:09:11.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}