Arbitrary User Comments on Behalf of Others Allowed in YouTrack Before 2024.1.25893
CVE-2024-28228

5.3MEDIUM

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 7 March 2024

What is CVE-2024-28228?

A vulnerability exists in JetBrains YouTrack that allows an attacker to create comments on behalf of any arbitrary user within the HelpDesk feature. This issue compromises the integrity of user communications and can lead to misinformation being presented to users. The flaw resides in the comment creation process before version 2024.1.25893, where insufficient validation checks were implemented, enabling unauthorized actions by malicious actors.

Affected Version(s)

YouTrack 0 < 2024.1.25893

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Mar 7, 2024

Jetbrains

What is CVE-2024-28228?

Affected Version(s)

References

CVSS V3.1

Timeline