JetBrains YouTrack Punycode Encoding Spoofing Vulnerability
CVE-2024-54158 Published on December 4, 2024

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

NVD

Vulnerability Analysis

CVE-2024-54158 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

Products Associated with CVE-2024-54158

Want to know whenever a new CVE is published for JetBrains Youtrack? stack.watch will email you.

JetBrains Youtrack

Affected Versions

JetBrains YouTrack:

Before 2024.3.52635 is affected.

Exploit Probability

EPSS

0.01%

Percentile

0.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.