Lucene search

Hub Security Vulnerabilities - CVSS Score 5 - 6

cve

CVE-2019-14955

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

5.3CVSS

5.3AI Score

0.001EPSS

2019-10-01 04:15 PM

cve

CVE-2019-18360

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.

5.3CVSS

5.4AI Score

0.001EPSS

2019-10-31 03:15 PM

cve

CVE-2021-25760

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.

5.3CVSS

5.1AI Score

0.001EPSS

2021-02-03 04:15 PM

cve

CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services

5.3CVSS

5.3AI Score

0.001EPSS

2022-07-01 10:15 AM

cve

CVE-2022-48429

In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible

5.4CVSS

5.2AI Score

0.001EPSS

2023-03-27 04:15 PM

cve

CVE-2024-38507

In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible

5.4CVSS

3.8AI Score

0.0004EPSS

2024-06-18 11:15 AM