CRITICAL🇬🇧 English

CVE-2019-12852

CVSS 9.8v3.0pub. 2019-07-03upd. 2024-11-21

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jetbrains Youtrack

    APP
    Jetbrains
    < 2018.4.49168
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2022-24442CRITICAL9.8ten sam produkt

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker ...

CVE-2021-43185CRITICAL9.8ten sam produkt

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

CVE-2021-37549CRITICAL9.1ten sam produkt

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

CVE-2021-25770CRITICAL9.8ten sam produkt

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead...

CVE-2019-12866CRITICAL9.8ten sam produkt

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in ...

CVE-2019-12852 — CRITICAL 9.8 | CVEbaza.pl