Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hub
(Jetbrains)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 27 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-02-03 | CVE-2021-25759 | In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | Hub | 6.5 | ||
2021-11-09 | CVE-2021-43183 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | Hub | 9.8 | ||
2022-07-01 | CVE-2022-34894 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | Hub | 5.3 | ||
2022-04-28 | CVE-2022-29811 | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | Hub | 4.8 | ||
2022-02-25 | CVE-2022-25260 | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | Hub | 9.1 | ||
2022-02-25 | CVE-2022-24327 | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | Hub | 7.5 | ||
2022-02-25 | CVE-2022-24328 | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | Hub | 6.5 | ||
2022-02-25 | CVE-2022-25259 | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | Hub | 6.1 | ||
2021-11-09 | CVE-2021-43180 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | Hub | 7.5 | ||
2021-11-09 | CVE-2021-43181 | In JetBrains Hub before 2021.1.13690, stored XSS is possible. | Hub | 6.1 |