Vulnerabilities (CVE)

Filtered by vendor Jetbrains Subscribe
Filtered by product Hub
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-50573 1 Jetbrains 1 Hub 2024-10-29 N/A 5.4 MEDIUM
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-38507 1 Jetbrains 1 Hub 2024-08-23 N/A 5.4 MEDIUM
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2022-48477 1 Jetbrains 1 Hub 2024-02-28 N/A 9.8 CRITICAL
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-48429 1 Jetbrains 1 Hub 2024-02-28 N/A 5.4 MEDIUM
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2022-45471 1 Jetbrains 1 Hub 2024-02-28 N/A 7.5 HIGH
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVE-2022-25262 1 Jetbrains 1 Hub 2024-02-28 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVE-2022-24327 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2022-29811 1 Jetbrains 1 Hub 2024-02-28 3.5 LOW 4.8 MEDIUM
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-24328 1 Jetbrains 1 Hub 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVE-2022-34894 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-25260 1 Jetbrains 1 Hub 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVE-2022-25259 1 Jetbrains 1 Hub 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVE-2021-43183 1 Jetbrains 1 Hub 2024-02-28 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVE-2021-43181 1 Jetbrains 1 Hub 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-43180 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
CVE-2021-43182 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
CVE-2021-37540 1 Jetbrains 1 Hub 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-36209 1 Jetbrains 1 Hub 2024-02-28 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVE-2021-31901 1 Jetbrains 1 Hub 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
CVE-2021-37541 1 Jetbrains 1 Hub 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.