Vulnerabilities > Jetbrains > HUB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2021-25760 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | 5.3 |
| 2021-02-03 | CVE-2021-25759 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | 6.5 |
| 2021-02-03 | CVE-2021-25757 | Open Redirect vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12629, an open redirect was possible. | 6.1 |
| 2020-04-22 | CVE-2020-11691 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | 7.5 |
| 2019-10-31 | CVE-2019-18360 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | 5.3 |
| 2019-10-01 | CVE-2019-14955 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | 5.3 |
| 2019-07-03 | CVE-2019-12847 | Insufficiently Protected Credentials vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. | 7.2 |