Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains Subscribe
Filtered by product Hub

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 18 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37540 1 Jetbrains 1 Hub 2023-08-08 6.4 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2022-25262 1 Jetbrains 1 Hub 2023-08-08 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVE-2021-43183 1 Jetbrains 1 Hub 2022-07-12 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVE-2021-25759 1 Jetbrains 1 Hub 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
CVE-2022-34894 1 Jetbrains 1 Hub 2022-07-11 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-29811 1 Jetbrains 1 Hub 2022-05-05 3.5 LOW 4.8 MEDIUM
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2021-43180 1 Jetbrains 1 Hub 2021-11-10 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
CVE-2021-43181 1 Jetbrains 1 Hub 2021-11-10 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-43182 1 Jetbrains 1 Hub 2021-11-10 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
CVE-2021-37541 1 Jetbrains 1 Hub 2021-08-12 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-36209 1 Jetbrains 1 Hub 2021-08-12 7.5 HIGH 9.8 CRITICAL
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVE-2019-18360 1 Jetbrains 1 Hub 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVE-2020-11691 1 Jetbrains 1 Hub 2021-07-21 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVE-2021-31901 1 Jetbrains 1 Hub 2021-05-17 5.0 MEDIUM 7.5 HIGH
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
CVE-2021-25760 1 Jetbrains 1 Hub 2021-02-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVE-2021-25757 1 Jetbrains 1 Hub 2021-02-04 5.8 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
CVE-2019-12847 1 Jetbrains 1 Hub 2020-08-24 4.0 MEDIUM 7.2 HIGH
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
CVE-2019-14955 1 Jetbrains 1 Hub 2019-10-08 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.