Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hub
(Jetbrains)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 27 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-04-28 | CVE-2022-29811 | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | Hub | 4.8 | ||
2022-02-25 | CVE-2022-25260 | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | Hub | 9.1 | ||
2022-02-25 | CVE-2022-24327 | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | Hub | 7.5 | ||
2022-02-25 | CVE-2022-24328 | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | Hub | 6.5 | ||
2022-02-25 | CVE-2022-25259 | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | Hub | 6.1 | ||
2021-11-09 | CVE-2021-43180 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | Hub | 7.5 | ||
2021-11-09 | CVE-2021-43181 | In JetBrains Hub before 2021.1.13690, stored XSS is possible. | Hub | 6.1 | ||
2021-11-09 | CVE-2021-43182 | In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | Hub | 7.5 | ||
2021-08-06 | CVE-2021-36209 | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | Hub | 9.8 | ||
2021-08-06 | CVE-2021-37541 | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | Hub | 6.1 |