Auto-attach vulnerability in YouTrack before 2024.2.34646
CVE-2024-38506

8.1 HIGH

Key Information:

Vendor: JetBrains
Status
Vendor
CVE Published: 18 June 2024

Summary

A vulnerability exists in JetBrains YouTrack versions prior to 2024.2.34646 that allows users lacking proper permissions to enable the auto-attach option for workflows. This flaw could potentially lead to unauthorized modifications in workflow management, raising concerns about the integrity and security of project management processes. The affected versions of YouTrack may expose critical aspects of project workflows to users who otherwise would not have access, increasing the risk of unintended actions and security breaches.

Affected Version(s)

YouTrack 0 < 2024.2.34646

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
