CVE-2024-54158
LOWDescription
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| jetbrains | youtrack |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-54158? +
How severe is CVE-2024-54158? +
What products are affected by CVE-2024-54158? +
How do I check if I'm vulnerable to CVE-2024-54158? +
Related Vulnerabilities
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA …
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation