Yurii Saninin | InfoSec Write-ups | Eye for an eye: Unusual single click JWT token takeover | This story is about an unusual open redirect misconfiguration I found in JetBrains Datalore. | Sep 5, 2021
Yurii Saninin | MitmLab | How I found a primitive but critical broken access control vulnerability in YouTrack… | Here is a story about how I found a primitive but critical vulnerability in JetBrains YouTrack. | Aug 24, 2021
Yurii Saninin | MitmLab | CVE-2020-15823: Server-Side Request Forgery (SSRF) in JetBrains YouTrack | More than a year ago I discovered a misconfiguration that leads to SSRF in YouTrack, and here are detailed steps on how I did it. | Jan 6, 2022