JetBrains YouTrack Instance Security Issue Post Mortem

Valerie Andrianova

Last Friday, August 7, around 5 PM GMT we experienced a security issue on our production instance at youtrack.jetbrains.com.

For about an hour, all external users and guest accounts obtained permissions to all of our projects, including internal ones. Issues, comments, and attached files in public projects that were restricted by permitted user group were not affected. The issue was caused by an administration failure during the permission synchronization process.

The issue was detected and fixed within an hour thanks to our Operation team. We’ve also received bug reports from our external users at the same time. We’ve carefully checked the access logs to make sure that no private customers data were accessed and no important internal information was affected.

We offer our deepest apologies to all our internal and external users. We’ve made our best to prevent such problems in the future by adding security tests covering more access scenarios.

Thank you for your understanding and patience, we really appreciate it.

Subscribe to YouTrack Blog updates

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!