Hub Security Vulnerabilities

CVE-2019-12847

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show the SMTP password in cleartext to the admin user. This is only relevant where the password has not been changed since 2017 and the audit log still contains events from before that period.

CVSS 7.2 | AI Score 7 | EPSS 0.001 | 2019-07-03 07:15 PM


CVE-2019-14955

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | 2019-10-01 04:15 PM


CVE-2019-18360

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.

CVSS 5.3 | AI Score 5.4 | EPSS 0.001 | 2019-10-31 03:15 PM


CVE-2020-11691

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2020-04-22 02:15 PM


CVE-2021-25757

In JetBrains Hub before 2020.1.12629, an open redirect was possible.

CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | 2021-02-03 04:15 PM


CVE-2021-25759

In JetBrains Hub before 2020.1.12629, an authenticated user can delete the 2FA settings of any other user.

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2021-02-03 04:15 PM


CVE-2021-25760

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.

CVSS 5.3 | AI Score 5.1 | EPSS 0.001 | 2021-02-03 04:15 PM


CVE-2021-31901

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.

CVSS 7.5 | AI Score 7.7 | EPSS 0.001 | 2021-05-11 12:15 PM


CVE-2021-36209

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2021-08-06 02:15 PM


CVE-2021-37540

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2021-08-06 02:15 PM


CVE-2021-37541

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.

CVSS 6.1 | AI Score 6.4 | EPSS 0.001 | 2021-08-06 02:15 PM


CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

CVSS 7.5 | AI Score 7.2 | EPSS 0.002 | 2021-11-09 04:15 PM


CVE-2021-43181

In JetBrains Hub before 2021.1.13690, stored XSS is possible.

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-11-09 04:15 PM


CVE-2021-43182

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2021-11-09 04:15 PM


CVE-2021-43183

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

CVSS 9.8 | AI Score 9.5 | EPSS 0.003 | 2021-11-09 03:15 PM


CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

CVSS 7.5 | AI Score 7.5 | EPSS 0.002 | 2022-02-25 03:15 PM


CVE-2022-24328

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2022-02-25 03:15 PM


CVE-2022-25259

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2022-02-25 08:15 PM


CVE-2022-25260

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

CVSS 9.1 | AI Score 9.2 | EPSS 0.002 | 2022-02-25 08:15 PM


CVE-2022-25262

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

CVSS 9.8 | AI Score 9.4 | EPSS 0.002 | 2022-02-25 08:15 PM


CVE-2022-29811

In JetBrains Hub before 2022.1.14638, stored XSS via project icon was possible.

CVSS 6.1 | AI Score 4.8 | EPSS 0.001 | 2022-04-28 10:15 AM


CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services.

CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | 2022-07-01 10:15 AM


CVE-2022-45471

In JetBrains Hub before 2022.3.15181, throttling was missing when sending emails to a particular email address.

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2022-11-18 03:15 PM


CVE-2022-48429

In JetBrains Hub before 2022.3.15573, 2022.2.15572, and 2022.1.15583, reflected XSS in dashboards was possible.

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2023-03-27 04:15 PM


CVE-2022-48477

In JetBrains Hub before 2023.1.15725, SSRF protection in the Auth Module integration was missing.

CVSS 9.8 | AI Score 9.3 | EPSS 0.002 | 2023-04-24 01:15 PM


CVE-2024-38507

In JetBrains Hub before 2024.2.34646, stored XSS via project description was possible.

CVSS 5.4 | AI Score 3.8 | EPSS 0.0004 | 2024-06-18 11:15 AM