In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.