JetBrains YouTrack Account Takeover Vulnerability via Spoofed Email and Helpdesk Integration

Vulnerability

A vulnerability allowing account takeover was identified in JetBrains YouTrack versions prior to 2024.3.55417. This issue arose from the improper handling of email headers, which enabled spoofing attacks. The vulnerability was exacerbated by the integration of YouTrack with Helpdesk, allowing unauthorized users to manipulate issue comments and attachments.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, allowing attackers to impersonate victims and potentially access or modify sensitive information.

Remediation

Users can update to JetBrains YouTrack version 2024.3.55417 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.