8 matches found
CVE-2022-24327
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2022-25262
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVE-2022-25259
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVE-2022-25260
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVE-2022-24328
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVE-2022-34894
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-29811
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-45471
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address