Vulnerabilities > Jetbrains > HUB > 2018.4.11436

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-04-24 | CVE-2022-48477 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | network, low complexity, jetbrains CWE-918, critical, 9.8 |
| 2023-03-27 | CVE-2022-48429 | Cross-site Scripting vulnerability in Jetbrains HUB | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | network, low complexity, jetbrains CWE-79, 5.4 |
| 2022-11-18 | CVE-2022-45471 | Allocation of Resources Without Limits or Throttling vulnerability in Jetbrains HUB | In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address | network, low complexity, jetbrains CWE-770, 7.5 |
| 2022-07-01 | CVE-2022-34894 | Unspecified vulnerability in Jetbrains HUB | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | network, low complexity, jetbrains, 5.0 |
| 2022-04-28 | CVE-2022-29811 | Cross-site Scripting vulnerability in Jetbrains HUB | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | network, jetbrains CWE-79, 3.5 |
| 2022-02-25 | CVE-2022-25259 | Cross-site Scripting vulnerability in Jetbrains HUB | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | network, jetbrains CWE-79, 4.3 |
| 2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | network, low complexity, jetbrains CWE-918, 6.4 |
| 2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB | In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | network, low complexity, jetbrains CWE-345, critical, 9.8 |
| 2022-02-25 | CVE-2022-24327 | Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | network, low complexity, jetbrains CWE-732, 5.0 |
| 2022-02-25 | CVE-2022-24328 | Unspecified vulnerability in Jetbrains HUB | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | network, low complexity, jetbrains, 4.0 |