CVE-2020-25208

Medium

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

mitre·CWE-276·Published 2021-02-03

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

125 chars

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

NVDen

125 chars

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

NVDes

146 chars

En JetBrains YouTrack versiones anteriores a 2020.4.4701, un atacante podía enumerar usuarios por medio de la API REST sin los permisos apropiados

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N