PT-2022-16700 · Jetbrains · Youtrack
Published
2022-02-25
·
Updated
2023-08-08
·
CVE-2022-24442
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JetBrains YouTrack versions prior to 2021.4.40426
Description
The issue concerns Server-Side Template Injection (SSTI) via FreeMarker templates. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.
Recommendations
For versions prior to 2021.4.40426, update to version 2021.4.40426 or later to resolve the issue. As a temporary workaround, consider restricting access to FreeMarker templates until the update is applied.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Youtrack