CVE-2024-35299

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published May 16, 2024

CWE ID 295

Summary

CVE-2024-35299 is a vulnerability affecting JetBrains YouTrack versions prior to 2024.1.29548. This issue arises due to insufficient certificate hostname validation during SMTPS protocol communication, potentially allowing man-in-the-middle attacks. An attacker could impersonate a trusted email server, intercepting and modifying email traffic, which could lead to unauthorized access or data theft. Users are encouraged to upgrade to the latest version of YouTrack to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

JetBrains YouTrack

Affected Vendors

JetBrains

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v9aZ_E
https://www.cve.org/CVERecord?id=CVE-2024-35299
https://nvd.nist.gov/vuln/detail/CVE-2024-35299

Back to Vulnerability Database