CVE-2024-54158: 
YouTrack vulnerability analysis and mitigation

In JetBrains YouTrack before version 2024.3.52635, a potential spoofing attack vulnerability was discovered due to lack of Punycode encoding. The vulnerability was assigned CVE-2024-54158 and was disclosed on December 4, 2024. This security issue affects JetBrains YouTrack installations that have not been updated to the latest version (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction. The vulnerability is associated with CWE-290 (Authentication Bypass by Spoofing) and CWE-173 (Improper Handling of Alternate Encoding) (NVD).

The vulnerability could potentially allow attackers to perform spoofing attacks due to improper handling of Punycode encoding. The impact primarily affects the integrity of the system with a low severity, while confidentiality and availability remain unaffected (NVD).

The recommended mitigation is to upgrade JetBrains YouTrack to version 2024.3.52635 or later, which contains the fix for this vulnerability (JetBrains Advisory).