In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NJetbrains Youtrack
APPJetbrains< 2021.1.11111
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-24442CRITICAL9.8ten sam produkt
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker ...
CVE-2021-43185CRITICAL9.8ten sam produkt
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
CVE-2021-25770CRITICAL9.8ten sam produkt
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead...
CVE-2019-12852CRITICAL9.8ten sam produkt
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack...
CVE-2019-12867CRITICAL9.8ten sam produkt
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fi...