Certificate Hostname Validation Flaw in YouTrack Before 2024.1.29548
CVE-2024-35299
7.5 HIGH
Summary
In JetBrains YouTrack before version 2024.1.29548, certificate hostnames were not adequately validated for the SMTPS protocol. An attacker could exploit this improper certificate validation, potentially leading to security breaches. Users are strongly encouraged to update to the latest version to protect against these risks.
Affected Version(s)
YouTrack 0 < 2024.1.29548
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved