Vulnerabilities > Jetbrains > HUB > 2018.4.11298
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-43180 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | 5.0 |
| 2021-11-09 | CVE-2021-43181 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, stored XSS is possible. | 4.3 |
| 2021-11-09 | CVE-2021-43182 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | 5.0 |
| 2021-11-09 | CVE-2021-43183 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | 7.5 |
| 2021-08-06 | CVE-2021-36209 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | 7.5 |
| 2021-08-06 | CVE-2021-37540 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | 6.5 |
| 2021-08-06 | CVE-2021-37541 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | 4.3 |
| 2021-05-11 | CVE-2021-31901 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. | 5.0 |
| 2021-02-03 | CVE-2021-25760 | Information Exposure vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | 5.0 |
| 2021-02-03 | CVE-2021-25759 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | 4.0 |