PT-2026-21903 · Jetbrains · Jetbrains Youtrack
Publicado
2026-02-25
·
Atualizado
2026-03-02
·
CVE-2026-28193
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
JetBrains YouTrack versions prior to 2025.3.121962
Description
The software allows applications to send requests to the app permissions endpoint without authorization. This could lead to unauthorized actions related to application permissions management. The affected endpoint is
/app permissions. The vulnerable component is the app permissions functionality.Recommendations
Update JetBrains YouTrack to version 2025.3.121962 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jetbrains Youtrack