CVE-2019-12847

Published: Jul 3, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

Affected (1)

Products: Jetbrains: Hub

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jetbrains Hub	Before 2018.4.11298

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Source: cve@mitre.org

Vendor Advisory

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.