11 matches found
CVE-2021-36209
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVE-2021-37540
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-37541
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-25760
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVE-2021-25757
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
CVE-2021-43183
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVE-2021-25759
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
CVE-2021-43182
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
CVE-2021-43180
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
CVE-2021-43181
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-31901
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.