PT-2024-7356 · JetBrains · JetBrains YouTrack

Published

2024-10-17

·

Updated

2024-11-14

·

CVE-2024-49579

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.47197
Description: JetBrains YouTrack before 2024.3.47197 does not sufficiently validate the source of the communication channel used by the iframe plugin, that is, which window or origin is allowed to send it messages. An attacker-controlled window that can reach that channel can therefore inject and execute arbitrary JavaScript in the YouTrack page and issue API requests in the context of the logged-in user, which is reflected in the complete confidentiality and integrity impact of the CVSS vector above.
Recommendations: Update to YouTrack 2024.3.47197 or later; the fix is contained in that release. If the update cannot be applied immediately, disable the iframe plugin, or restrict which users and which embedded content may use it, until the instance is updated. Review any widgets or dashboards that rely on the plugin and keep them disabled on the affected versions.

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-08719
CVE-2024-49579

Affected Products

JetBrains YouTrack