CVE-2020-24618

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
jetbrainsyoutrack
𝑥
< 2019.1.65514
jetbrainsyoutrack
2019.2.0 ≤
𝑥
< 2019.2.65515
jetbrainsyoutrack
2019.3 ≤
𝑥
< 2019.3.65516
jetbrainsyoutrack
2020.1 ≤
𝑥
< 2020.1.11011
jetbrainsyoutrack
2020.2 ≤
𝑥
< 2020.2.11008
jetbrainsyoutrack
2020.3 ≤
𝑥
< 2020.3.4313
𝑥
= Vulnerable software versions
References
https://blog.jetbrains.com
https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/
https://youtrack.jetbrains.com/issue/JT-59265
https://blog.jetbrains.com
https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/
https://youtrack.jetbrains.com/issue/JT-59265