Lucene search

JetBrainsCVELIST:CVE-2024-38505

HistoryJun 18, 2024 - 10:42 a.m.

CVE-2024-38505

2024-06-1810:42:07

JetBrains

www.cve.org

jetbrains

youtrack

user access token

leak

security issue

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "YouTrack",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2024.2.34646",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.jetbrains.com/privacy-security/issues-fixed/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

37.7%

JSON

Related for CVELIST:CVE-2024-38505