Permanent Token Exposure in JetBrains YouTrack - JetBrains
CVE-2025-24457

5.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-24457?

In JetBrains YouTrack versions prior to 2024.3.55417, an issue has been identified where permanent tokens may inadvertently be exposed in application logs. This vulnerability can potentially allow unauthorized access to sensitive authentication tokens, leading to security risks for users. It is essential for users running affected versions to review their log management practices and update to the latest version of YouTrack to mitigate any potential risks. For further information and guidance on this issue, please refer to JetBrains' official security update page.

Affected Version(s)

YouTrack 0 < 2024.3.55417

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 21, 2025

Jetbrains

What is CVE-2025-24457?

Affected Version(s)

References

CVSS V3.1

Timeline