CVE-2019-15041

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
jetbrainsyoutrack
𝑥
< 2019.1.52545
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/
https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/