Improper captcha validation in JetBrains YouTrack Helpdesk forms
CVE-2023-38068

6.5 MEDIUM

Key Information:

Vendor: JetBrains

Status
Vendor
CVE Published: 12 July 2023

What is CVE-2023-38068?

In JetBrains YouTrack versions prior to 2023.1.16597, the captcha mechanism for Helpdesk forms failed to validate user input correctly, potentially allowing automated submissions. This lapse in validation may expose sensitive functions and data, making it crucial for users to update their installations to ensure security.

Affected Version(s)

YouTrack 0 < 2023.1.16597

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
