In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
youtrack
CVE-2020-24618
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
CVE-2020-15817
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVE-2021-43186
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
CVE-2021-43185
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.