Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14955 | 1 Jetbrains | 1 Hub | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | |||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | |||||
| CVE-2024-50573 | 1 Jetbrains | 1 Hub | 2024-10-29 | N/A | 5.4 MEDIUM |
| In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | |||||
| CVE-2024-38507 | 1 Jetbrains | 1 Hub | 2024-08-23 | N/A | 5.4 MEDIUM |
| In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | |||||
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2024-02-28 | N/A | 9.8 CRITICAL |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | |||||
| CVE-2022-48429 | 1 Jetbrains | 1 Hub | 2024-02-28 | N/A | 5.4 MEDIUM |
| In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | |||||
| CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2024-02-28 | N/A | 7.5 HIGH |
| In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | |||||