Search Results | AttackerKB

248 Total Results

Displaying 21-30 of 248

Attacker Value

Unknown

CVE-2024-54158

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

Attacker Value

Unknown

CVE-2024-54157

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2024-54156

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-54155

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-54154

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-54153

Disclosure Date: December 04, 2024 (last updated February 27, 2025)

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2024-50582

Disclosure Date: October 28, 2024 (last updated February 26, 2025)

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2024-50581

Disclosure Date: October 28, 2024 (last updated February 26, 2025)

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2024-50580

Disclosure Date: October 28, 2024 (last updated February 26, 2025)

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2024-50579

Disclosure Date: October 28, 2024 (last updated February 26, 2025)

In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible

Attack Vector: Network Privileges: None User Interaction: Required

248 Total Results

Displaying 21-30 of 248

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification