Filtered by vendor Jetbrains
Subscriptions
Filtered by product Hub
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50573 | 1 Jetbrains | 1 Hub | 2024-10-29 | 4.3 Medium |
| In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | ||||
| CVE-2024-38507 | 1 Jetbrains | 1 Hub | 2024-08-23 | 3.5 Low |
| In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | ||||
| CVE-2019-18360 | 1 Jetbrains | 1 Hub | 2024-08-05 | 5.3 Medium |
| In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | ||||
| CVE-2019-14955 | 1 Jetbrains | 1 Hub | 2024-08-05 | 5.3 Medium |
| In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | ||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2024-08-04 | N/A |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | ||||
| CVE-2020-11691 | 1 Jetbrains | 1 Hub | 2024-08-04 | 7.5 High |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | ||||
| CVE-2021-43181 | 1 Jetbrains | 1 Hub | 2024-08-04 | 6.1 Medium |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. | ||||
| CVE-2021-43180 | 1 Jetbrains | 1 Hub | 2024-08-04 | 7.5 High |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | ||||
| CVE-2021-43183 | 1 Jetbrains | 1 Hub | 2024-08-04 | 9.8 Critical |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | ||||
| CVE-2021-43182 | 1 Jetbrains | 1 Hub | 2024-08-04 | 7.5 High |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | ||||
| CVE-2021-37541 | 1 Jetbrains | 1 Hub | 2024-08-04 | 6.1 Medium |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | ||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2024-08-04 | 6.5 Medium |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | ||||
| CVE-2021-36209 | 1 Jetbrains | 1 Hub | 2024-08-04 | 9.8 Critical |
| In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | ||||
| CVE-2021-31901 | 1 Jetbrains | 1 Hub | 2024-08-03 | 7.5 High |
| In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. | ||||
| CVE-2021-25759 | 1 Jetbrains | 1 Hub | 2024-08-03 | 6.5 Medium |
| In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | ||||
| CVE-2021-25760 | 1 Jetbrains | 1 Hub | 2024-08-03 | 5.3 Medium |
| In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | ||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2024-08-03 | 6.1 Medium |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | ||||
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2024-08-03 | 4.1 Medium |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | ||||
| CVE-2022-48429 | 1 Jetbrains | 1 Hub | 2024-08-03 | 4.6 Medium |
| In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | ||||
| CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2024-08-03 | 3.5 Low |
| In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | ||||