Lucene search

[email protected]NVD:CVE-2024-38504

HistoryJun 18, 2024 - 11:15 a.m.

CVE-2024-38504

2024-06-1811:15:51

CWE-862

[email protected]

web.nvd.nist.gov

jetbrains youtrack

guest user account

file attachment

security issue

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

17.8%

JSON

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

Affected configurations

Nvd

Node

jetbrainsyoutrackRange<2024.2.34646

VendorProductVersionCPE
jetbrainsyoutrack*cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jetbrains	youtrack	*	cpe:2.3:a:jetbrains:youtrack::::::::

References

www.jetbrains.com/privacy-security/issues-fixed/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2024-38504

vulnrichment1 cve1 cvelist1