In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVSS: 5.3 | AI Score: 5.1 | EPSS: 0.001
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services.
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
In JetBrains Hub before 2022.3.15573, 2022.2.15572, and 2022.1.15583, reflected XSS in dashboards was possible.
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001
In JetBrains Hub before 2024.2.34646, stored XSS via project description was possible.
CVSS: 5.4 | AI Score: 3.8 | EPSS: 0.0004