CVE-2023-50871

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Dec 19, 2023

CWE ID 285

Summary

CVE-2023-50871 is a vulnerability affecting JetBrains YouTrack before version 2023.3.22268. This issue involves a missed authorization check for inline comments inside thread replies, potentially allowing unauthorized users to post comments in threads they should not have access to. This vulnerability poses a risk for information disclosure and could lead to security breaches if exploited. Users are advised to update to the latest version of YouTrack to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

JetBrains YouTrack

Affected Vendors

JetBrains

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tz3d3I
https://www.cve.org/CVERecord?id=CVE-2023-50871
https://nvd.nist.gov/vuln/detail/CVE-2023-50871

Back to Vulnerability Database