Note: This project will be discontinued after December 13, 2021.
Product: Hub (JetBrains)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 27 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-10-28 | CVE-2024-50573 | In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | Hub | 5.4 | ||
2024-06-18 | CVE-2024-38507 | In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | Hub | 5.4 | ||
2023-03-27 | CVE-2022-48429 | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | Hub | 5.4 | ||
2021-08-06 | CVE-2021-37540 | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | Hub | 6.5 | ||
2022-02-25 | CVE-2022-25262 | In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | Hub | 9.8 | ||
2023-04-24 | CVE-2022-48477 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | Hub | 9.8 | ||
2022-11-18 | CVE-2022-45471 | In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | Hub | 7.5 | ||
2021-02-03 | CVE-2021-25759 | In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | Hub | 6.5 | ||
2021-11-09 | CVE-2021-43183 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | Hub | 9.8 | ||
2022-07-01 | CVE-2022-34894 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | Hub | 5.3 | ||