Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-03
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
| Products | Youtrack |
| Type | Improper Authorization (CWE-285) |
| First patch | - None (likely due to unavailable code) |
| Links | https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ |