CVE-2026-57923 is an improper authorization vulnerability in JetBrains YouTrack that allows attackers to modify project settings via the app configurations endpoint. It affects all versions of YouTrack before 2026.2.16593 and was disclosed on June 26, 2026. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) per NVD, though ENISA's EUVD rates it at 5.3 (Medium) (JetBrains Advisory, ENISA EUVD).
The root cause is a missing authorization check (CWE-862) on the app configurations endpoint in JetBrains YouTrack. An attacker can send crafted network requests to this endpoint without possessing the required project-level permissions, bypassing access controls and modifying project settings. No authentication appears to be required based on the CVSS vector (PR:N), making the attack remotely exploitable with low complexity and no user interaction required (JetBrains Advisory, ENISA EUVD).
Successful exploitation allows an unauthorized attacker to modify project settings within JetBrains YouTrack, resulting in a high integrity impact. Confidentiality and availability are not directly affected, but tampering with project configurations could disrupt workflows, alter access controls within projects, or introduce malicious configurations that affect downstream development processes. The scope is limited to the YouTrack instance itself, with no evidence of lateral movement potential beyond the application (JetBrains Advisory, ENISA EUVD).
JetBrains has released a patch in YouTrack version 2026.2.16593, which resolves the improper authorization issue. Users should upgrade to version 2026.2.16593 or later as the primary remediation step. As interim mitigations, administrators should restrict network access to the app configurations endpoint based on user roles and project permissions, and implement additional authorization controls to verify appropriate permissions before allowing project setting modifications (JetBrains Advisory).
Source: This report was generated with the help of AI.