Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains Subscribe
Filtered by product Hub

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37540 1 Jetbrains 1 Hub 2023-08-08 6.4 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-25759 1 Jetbrains 1 Hub 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
CVE-2022-34894 1 Jetbrains 1 Hub 2022-07-11 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-29811 1 Jetbrains 1 Hub 2022-05-05 3.5 LOW 4.8 MEDIUM
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2021-43181 1 Jetbrains 1 Hub 2021-11-10 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-37541 1 Jetbrains 1 Hub 2021-08-12 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2019-18360 1 Jetbrains 1 Hub 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVE-2021-25760 1 Jetbrains 1 Hub 2021-02-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVE-2021-25757 1 Jetbrains 1 Hub 2021-02-04 5.8 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
CVE-2019-14955 1 Jetbrains 1 Hub 2019-10-08 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.