Security Issues Resolved in YouTrack in 2017
Last year we resolved a series of security issues in YouTrack and Hub that were not included as part of the release notes. Starting this year, we are planning to share quarterly reports about which security issues were fixed in YouTrack.
Below is a summary of some of the more important security issues resolved, including a description of each issue, the version that was affected, and the version in which it was resolved.
| Description | Issue |
|---|---|
| Insufficient verification of issue linkage permission within the creation of a linked issue led to unauthorized linking of a newly created issue. | JT-25321 |
| Entering invalid credentials with Jira integration enabled unauthorized access as a previously authorized user. | JT-40364, JPS-5307 |
| Mentioning a user in a comment with limited visibility triggered an email notification to the user, even though they could not access the comment. | JT-41146 |
| A BEAST attack could be performed on a YouTrack InCloud setup. | JT-42572 |
| Mobile version of YouTrack allowed a visitor to access comments with visibility limited to a certain user. | JT-44043, JT-44052 |
| Issue content could be accessed by a disabled guest user. | JT-44255, JT-45284 |
| Hub authorization module was vulnerable to content spoofing. | JPS-5878 |
| Hub was vulnerable to a clickjacking attack. | JPS-7209 |
The latest versions of YouTrack with fixes for the different issues are available on our website. If you’re using YouTrack InCloud, please note that no action is required on your part.
If you need any further assistance, please contact our Support Engineers.
Your YouTrack Team
The Drive to Develop