Hub Security Vulnerabilities - February 2022

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

CVE-2022-24328

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

CVE-2022-25259

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

CVE-2022-25260

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

CVE-2022-25262

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.