CVE-2024-38506

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jun 18, 2024
Updated: Jun 20, 2024
CWE ID 862

Summary

CVE-2024-38506 is a vulnerability affecting JetBrains YouTrack versions prior to 2024.2.34646. This issue allows users without the necessary permissions to enable the auto-attach option for workflows, potentially leading to unintended changes or unauthorized access to attached files. This could result in security risks and disruptions to standard workflow processes. Organizations using YouTrack are advised to upgrade to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • JetBrains YouTrack

Affected Vendors

  • JetBrains