Security Issues Resolved in YouTrack in 2017
Last year we resolved a series of security issues in YouTrack and Hub that were not included as part of the release notes. Starting this year, we are planning to share quarterly reports about which security issues were fixed in YouTrack.
Below is a summary of some of the more important security issues resolved, with a description of each issue, the versions affected, and the version in which it was resolved.
| Description | Severity | Affected versions | Resolved in |
|---|---|---|---|
| Insufficient verification of issue linkage permission within the creation of a linked issue led to unauthorized linking of a newly created issue. JT-25321 | Low | <2017.3.x | 2017.3.33585 |
| Entering invalid credentials with Jira integration enabled unauthorized access as a previously authorized user. JT-40364, JPS-5307 | Moderate | 2017.1.x | 2017.1.31650 |
| Mentioning a user in a comment with limited visibility triggered an email notification to the user, even though they could not access the comment. JT-41146 | Moderate | 2017.2.31873 | 2017.3.37198 |
| A BEAST attack could be performed on a YouTrack InCloud setup. JT-42572 | Moderate | <2017.3.34922 | 2017.3.34922 |
| Mobile version of YouTrack allowed a visitor to access comments with visibility limited to a certain user. JT-44043, JT-44052 | High | 2017.2.33766 | 2017.4.37623 |
| Issue content could be accessed by a disabled guest user. JT-44255, JT-45284 | Critical | 2017.3.37328 | 2017.4.39083 |
| Hub authorization module was vulnerable to content spoofing. JPS-5878 | Note | <2017.2.5942 | 2017.2.5942 |
| Hub was vulnerable to a clickjacking attack. JPS-7209 | High | <2017.4.8040 | 2017.4.8040 |
The latest versions of YouTrack with fixes for the different issues are available on our website. If you’re using YouTrack InCloud, please note that no action is required on your part.
If you need any further assistance, please contact our Support Engineers.
Your YouTrack Team
The Drive to Develop