
PEACH
Uma estrutura de isolamento de inquilino
CVE-2026-57923 is an improper authorization vulnerability in JetBrains YouTrack that allows attackers to modify project settings via the app configurations endpoint. It affects all versions of YouTrack before 2026.2.16593 and was disclosed on June 26, 2026. The vulnerability carries a CVSS v3.1 base score of 7.5 (High) per NVD, though ENISA's EUVD rates it at 5.3 (Medium) (JetBrains Advisory, ENISA EUVD).
The root cause is a missing authorization check (CWE-862) on the app configurations endpoint in JetBrains YouTrack. An attacker can send crafted network requests to this endpoint without possessing the required project-level permissions, bypassing access controls and modifying project settings. No authentication appears to be required based on the CVSS vector (PR:N), making the attack remotely exploitable with low complexity and no user interaction required (JetBrains Advisory, ENISA EUVD).
Successful exploitation allows an unauthorized attacker to modify project settings within JetBrains YouTrack, resulting in a high integrity impact. Confidentiality and availability are not directly affected, but tampering with project configurations could disrupt workflows, alter access controls within projects, or introduce malicious configurations that affect downstream development processes. The scope is limited to the YouTrack instance itself, with no evidence of lateral movement potential beyond the application (JetBrains Advisory, ENISA EUVD).
JetBrains has released a patch in YouTrack version 2026.2.16593, which resolves the improper authorization issue. Users should upgrade to version 2026.2.16593 or later as the primary remediation step. As interim mitigations, administrators should restrict network access to the app configurations endpoint based on user roles and project permissions, and implement additional authorization controls to verify appropriate permissions before allowing project setting modifications (JetBrains Advisory).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."