Main Vulnerability Database Vulnerabilities #VU22491

Improper preservation of permissions in YouTrack - CVE-2019-14956

Published: November 4, 2019

Vulnerability identifier: #VU22491

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14956

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JetBrains s.r.o.

Affected software:
YouTrack

Detailed vulnerability description

The vulnerability allows a remote user to gain sensitive information on the target system.

The vulnerability exists due to the affected software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects. A remote authenticated user without necessary permissions can get a list of project names.

How to mitigate CVE-2019-14956

Install updates from vendor's website.

Sources

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/

Improper preservation of permissions in YouTrack - CVE-2019-14956

Detailed vulnerability description

How to mitigate CVE-2019-14956

Sources

Please verify you're human