Product:

Hub

(Jetbrains)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 27
Date Id Summary Products Score Patch Annotated
2021-11-09 CVE-2021-43182 In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. Hub 7.5
2021-08-06 CVE-2021-36209 In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Hub 9.8
2021-08-06 CVE-2021-37541 In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. Hub 6.1
2019-10-31 CVE-2019-18360 In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. Hub 5.3
2020-04-22 CVE-2020-11691 In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. Hub 7.5
2021-05-11 CVE-2021-31901 In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. Hub 7.5
2021-02-03 CVE-2021-25760 In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. Hub 5.3
2021-02-03 CVE-2021-25757 In JetBrains Hub before 2020.1.12629, an open redirect was possible. Hub 6.1
2019-10-01 CVE-2019-14955 In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. Hub N/A
2019-07-03 CVE-2019-12847 In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. Hub 7.2