PT-2024-2099 · Jetbrains · Jetbrains Youtrack
Published
2024-03-06
·
Updated
2024-12-16
·
CVE-2024-28228
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
JetBrains YouTrack versions prior to 2024.1.25893
Description
The issue is related to authentication bypass via spoofing, allowing a remote attacker to create comments on behalf of an arbitrary user. This can be exploited in the HelpDesk component of JetBrains YouTrack.
Recommendations
For versions prior to 2024.1.25893, update to version 2024.1.25893 or later to resolve the issue. As a temporary workaround, consider restricting access to the HelpDesk component to minimize the risk of exploitation.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jetbrains Youtrack