Incomplete Access Token Protection in JetBrains YouTrack Mobile on iOS
CVE-2021-43188

7.3HIGH

Key Information:

Vendor

Jetbrains
Status
Youtrack Mobile
Vendor
CVE Published:
9 November 2021

What is CVE-2021-43188?

The JetBrains YouTrack Mobile application for iOS contains a significant flaw regarding access token protection, which is incomplete in versions prior to 2021.2. This vulnerability may expose sensitive information or allow unauthorized access to user accounts, emphasizing the need for enhanced security measures within mobile applications. Users are encouraged to update to the latest version to mitigate potential risks.

References

https://blog.jetbrains.com/blog/2021/11/08/jetbrains-secu...
x_refsource_MISC

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.