Path Traversal Vulnerability in YouTrack Plugin Sandbox Could Lead to System Takeover
CVE-2024-54154

9.8CRITICAL

Key Information:

Vendor: JetBrains
Status: Youtrack
Vendor: CVE Published:; 4 December 2024

Summary

A vulnerability in JetBrains YouTrack prior to version 2024.3.51866 allows for a potential system takeover due to improperly secured paths in the plugin sandbox. This could enable an attacker to manipulate file access and execute unauthorized actions within the application, compromising the integrity of the environment.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2024