Auto-attach vulnerability in YouTrack before 2024.2.34646
CVE-2024-38506

8.1HIGH

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 18 June 2024

What is CVE-2024-38506?

A vulnerability exists in JetBrains YouTrack versions prior to 2024.2.34646 that allows users lacking proper permissions to enable the auto-attach option for workflows. This flaw could potentially lead to unauthorized modifications in workflow management, raising concerns about the integrity and security of project management processes. The affected versions of YouTrack may expose critical aspects of project workflows to users who otherwise would not have access, increasing the risk of unintended actions and security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

YouTrack 0 < 2024.2.34646

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 18, 2024

JSON

Jetbrains

What is CVE-2024-38506?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.