Vulnerabilities > Jetbrains > HUB

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50573 Missing Authorization vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
network
low complexity
jetbrains CWE-862
5.4
2024-06-18 CVE-2024-38507 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
network
low complexity
jetbrains CWE-79
5.4
2023-04-24 CVE-2022-48477 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
network
low complexity
jetbrains
critical
9.8
2023-03-27 CVE-2022-48429 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
network
low complexity
jetbrains CWE-79
5.4
2022-11-18 CVE-2022-45471 Allocation of Resources Without Limits or Throttling vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
network
low complexity
jetbrains CWE-770
7.5
2022-07-01 CVE-2022-34894 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
network
low complexity
jetbrains
5.3
2022-04-28 CVE-2022-29811 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
network
low complexity
jetbrains CWE-79
4.8
2022-02-25 CVE-2022-25259 Cross-site Scripting vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
2022-02-25 CVE-2022-25260 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
network
low complexity
jetbrains CWE-918
critical
9.1
2022-02-25 CVE-2022-25262 Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
network
low complexity
jetbrains CWE-345
critical
9.8