Hub

hub

Vendor: Jetbrains • 33 CVEs

CVEs (33)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-43180 1Jetbrains 1Hub Nov 21, 2024 Nov 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
CVE-2021-43183 1Jetbrains 1Hub Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVE-2021-37541 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-37540 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVE-2021-36209 1Jetbrains 1Hub Nov 21, 2024 Aug 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVE-2021-31901 1Jetbrains 1Hub Nov 21, 2024 May 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
CVE-2021-25760 1Jetbrains 1Hub Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVE-2021-25759 1Jetbrains 1Hub Nov 21, 2024 Feb 3, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
CVE-2021-25757 1Jetbrains 1Hub Nov 21, 2024 Feb 3, 2021 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In JetBrains Hub before 2020.1.12629, an open redirect was possible.
CVE-2020-11691 1Jetbrains 1Hub Nov 21, 2024 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVE-2019-18360 1Jetbrains 1Hub Nov 21, 2024 Oct 31, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVE-2019-14955 1Jetbrains 1Hub Nov 21, 2024 Oct 1, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
CVE-2019-12847 1Jetbrains 1Hub Nov 21, 2024 Jul 3, 2019 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the aud...Show more In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.Show less

Previous 12