URL Scheme Hijacking in JetBrains YouTrack Mobile
CVE-2021-43192

5.3MEDIUM

Key Information:

Vendor: Jetbrains
Status: Youtrack Mobile
Vendor: CVE Published:; 9 November 2021

Summary

A vulnerability in JetBrains YouTrack Mobile allows for iOS URL scheme hijacking. This issue occurs because the application does not properly validate incoming URL schemes. An attacker could exploit this flaw to redirect users to malicious sites, potentially compromising user data or initiating unauthorized actions within the app. It is crucial for users of JetBrains YouTrack Mobile to update to the latest version to mitigate the risks associated with this vulnerability.

References

https://blog.jetbrains.com/blog/2021/11/08/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Nov 2, 2021