Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25759 | 1 Jetbrains | 1 Hub | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | |||||
| CVE-2021-25760 | 1 Jetbrains | 1 Hub | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | |||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | |||||
| CVE-2020-11691 | 1 Jetbrains | 1 Hub | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | |||||
| CVE-2019-14955 | 1 Jetbrains | 1 Hub | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | |||||
| CVE-2019-18360 | 1 Jetbrains | 1 Hub | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | |||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2024-02-04 | 4.0 MEDIUM | 7.2 HIGH |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | |||||