In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24618
Reference (s):
- https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/
- https://blog.jetbrains.com
- https://youtrack.jetbrains.com/issue/JT-59265