Attacker Value
Unknown

CVE-2025-24458

Disclosure Date: January 21, 2025 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
Attacker Value
Unknown

CVE-2025-24457

Disclosure Date: January 21, 2025 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
Attacker Value
Unknown

CVE-2024-54158

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
Attacker Value
Unknown

CVE-2024-54157

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
Attacker Value
Unknown

CVE-2024-54156

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
Attacker Value
Unknown

CVE-2024-54155

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
Attacker Value
Unknown

CVE-2024-54154

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
Attacker Value
Unknown

CVE-2024-54153

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
Attacker Value
Unknown

CVE-2024-50582

Disclosure Date: October 28, 2024 (last updated October 30, 2024)
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
Attacker Value
Unknown

CVE-2024-50581

Disclosure Date: October 28, 2024 (last updated October 30, 2024)
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag