CVE-2022-24442

CRITICAL

JetBrains YouTrack <2021.4.40426 - SSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24442. PoCs published by mbadanoiu.

AI-analyzed exploit summary: This repository provides a writeup for CVE-2022-24442, a Server-Side Template Injection (SSTI) vulnerability in JetBrains YouTrack. The vulnerability allows attackers with valid credentials to achieve Remote Code Execution (RCE) by exploiting FreeMarker template injection in notification files.

Description

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-24442

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JetBrains YouTrack
Auth required
Prerequisites: Valid user credentials
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
https://blog.jetbrains.com

Scores

CVSS v3 9.8
EPSS 0.0363
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94
Status published
Products (1)
jetbrains/youtrack < 2021.4.40426
Published Feb 25, 2022
Tracked Since Feb 18, 2026