Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hub
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-27 | CVE-2022-48429 | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | Hub | 5.4 | ||
| 2023-04-24 | CVE-2022-48477 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | Hub | 9.8 | ||
| 2024-06-18 | CVE-2024-38507 | In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | Hub | 5.4 | ||
| 2024-10-28 | CVE-2024-50573 | In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | Hub | 5.4 | ||
| 2019-10-31 | CVE-2019-18360 | In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | Hub | 5.3 | ||
| 2020-04-22 | CVE-2020-11691 | In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | Hub | 7.5 | ||
| 2019-10-01 | CVE-2019-14955 | In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | Hub | N/A | ||
| 2019-07-03 | CVE-2019-12847 | In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | Hub | 7.2 |