| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API |
| In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations |
| In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit |
| In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address |
| In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
|
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
|
| In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping |
| In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. |
| In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. |
| JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). |
| JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
| In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
