Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-03
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Products | Youtrack |
Type | Improper Authorization (CWE-285) |
First patch | - None (likely due to unavailable code) |
Links | https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/ |