Hub

hub

Vendor: Jetbrains • 33 CVEs

CVEs (33)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-32229 1Jetbrains 1Hub Apr 2, 2026 Mar 11, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVE-2026-25848 1Jetbrains 1Hub Feb 18, 2026 Feb 9, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVE-2025-64683 1Jetbrains 1Hub Nov 21, 2025 Nov 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-64682 1Jetbrains 1Hub Nov 20, 2025 Nov 10, 2025 N/A· v4 3.7 LOW· v3 N/A· v2 In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2025-64681 1Jetbrains 1Hub Nov 20, 2025 Nov 10, 2025 N/A· v4 3.7 LOW· v3 N/A· v2 In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVE-2025-24456 1Jetbrains 1Hub Jan 30, 2025 Jan 21, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2024-50573 1Jetbrains 1Hub Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-38507 1Jetbrains 1Hub Nov 21, 2024 Jun 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2022-48477 1Jetbrains 1Hub Nov 21, 2024 Apr 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-48429 1Jetbrains 1Hub Nov 21, 2024 Mar 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2022-45471 1Jetbrains 1Hub Nov 21, 2024 Nov 18, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVE-2022-34894 1Jetbrains 1Hub Nov 21, 2024 Jul 1, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-29811 1Jetbrains 1Hub Nov 21, 2024 Apr 28, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-25262 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVE-2022-25260 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVE-2022-25259 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVE-2022-24328 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVE-2022-24327 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2021-43182 1Jetbrains 1Hub Nov 21, 2024 Nov 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
CVE-2021-43181 1Jetbrains 1Hub Nov 21, 2024 Nov 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In JetBrains Hub before 2021.1.13690, stored XSS is possible.

12 Next