Vulnerabilities > Jetbrains > HUB
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-28 | CVE-2024-50573 | Missing Authorization vulnerability in Jetbrains HUB In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | 5.4 |
2024-06-18 | CVE-2024-38507 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | 5.4 |
2023-04-24 | CVE-2022-48477 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | 9.8 |
2023-03-27 | CVE-2022-48429 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | 5.4 |
2022-11-18 | CVE-2022-45471 | Allocation of Resources Without Limits or Throttling vulnerability in Jetbrains HUB In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | 7.5 |
2022-07-01 | CVE-2022-34894 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | 5.3 |
2022-04-28 | CVE-2022-29811 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | 4.8 |
2022-02-25 | CVE-2022-25259 | Cross-site Scripting vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 6.1 |
2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | 9.1 |
2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 |