Note:
This project will be discontinued after December 13, 2021.
Product: Hub (JetBrains)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 28 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-01-21 | CVE-2025-24456 | In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping | Hub | 8.8 | ||
2021-02-03 | CVE-2021-25757 | In JetBrains Hub before 2020.1.12629, an open redirect was possible. | Hub | 6.1 | ||
2021-02-03 | CVE-2021-25759 | In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | Hub | 6.5 | ||
2021-02-03 | CVE-2021-25760 | In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | Hub | 5.3 | ||
2021-05-11 | CVE-2021-31901 | In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. | Hub | 7.5 | ||
2021-08-06 | CVE-2021-36209 | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | Hub | 9.8 | ||
2021-08-06 | CVE-2021-37540 | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | Hub | 6.5 | ||
2021-08-06 | CVE-2021-37541 | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | Hub | 6.1 | ||
2021-11-09 | CVE-2021-43183 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | Hub | 9.8 | ||
2021-11-09 | CVE-2021-43180 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | Hub | 7.5 |