Vulnerabilities > Jetbrains > HUB > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2022-48477 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
network
low complexity
jetbrains CWE-918
critical
 9.8
9.8
2022-02-25 CVE-2022-25262 Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
network
low complexity
jetbrains CWE-345
critical
 9.8
9.8
2022-02-25 CVE-2022-25260 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
network
low complexity
jetbrains CWE-918
critical
 9.1
9.1
2021-11-09 CVE-2021-43183 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-08-06 CVE-2021-36209 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
network
low complexity
jetbrains CWE-640
critical
 9.8
9.8