Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2023-12-10 | N/A | 9.8 CRITICAL |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | |||||
| CVE-2022-48429 | 1 Jetbrains | 1 Hub | 2023-12-10 | N/A | 5.4 MEDIUM |
| In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | |||||
| CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2023-12-10 | N/A | 7.5 HIGH |
| In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | |||||
| CVE-2022-25260 | 1 Jetbrains | 1 Hub | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | |||||
| CVE-2022-25259 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | |||||
| CVE-2022-24327 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | |||||
| CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | |||||
| CVE-2022-25262 | 1 Jetbrains | 1 Hub | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | |||||
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | |||||
| CVE-2021-43180 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | |||||
| CVE-2021-43183 | 1 Jetbrains | 1 Hub | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | |||||
| CVE-2021-43181 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. | |||||
| CVE-2021-43182 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | |||||
| CVE-2021-31901 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. | |||||
| CVE-2021-37541 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-36209 | 1 Jetbrains | 1 Hub | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | |||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | |||||
| CVE-2021-25759 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | |||||