
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
CVE-2026-57923 is an improper authorization vulnerability in JetBrains YouTrack that allows attackers to modify project settings via the app configurations endpoint. It affects all versions of YouTrack before 2026.2.16593 and was disclosed on June 26, 2026. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) per NVD, though ENISA's EUVD rates it at 5.3 (Medium) (JetBrains Advisory, ENISA EUVD).
The root cause is a missing authorization check (CWE-862) on the app configurations endpoint in JetBrains YouTrack. An attacker can send crafted network requests to this endpoint without possessing the required project-level permissions, bypassing access controls and modifying project settings. No authentication appears to be required based on the CVSS vector (PR:N), making the attack remotely exploitable with low complexity and no user interaction required (JetBrains Advisory, ENISA EUVD).
Successful exploitation allows an unauthorized attacker to modify project settings within JetBrains YouTrack, resulting in a high integrity impact. Confidentiality and availability are not directly affected, but tampering with project configurations could disrupt workflows, alter access controls within projects, or introduce malicious configurations that affect downstream development processes. The scope is limited to the YouTrack instance itself, with no evidence of lateral movement potential beyond the application (JetBrains Advisory, ENISA EUVD).
JetBrains has released a patch in YouTrack version 2026.2.16593, which resolves the improper authorization issue. Users should upgrade to version 2026.2.16593 or later as the primary remediation step. As interim mitigations, administrators should restrict network access to the app configurations endpoint based on user roles and project permissions, and implement additional authorization controls to verify appropriate permissions before allowing project setting modifications (JetBrains Advisory).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"