Vulnerabilities > Jetbrains > HUB > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2022-48429 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2022-07-01 CVE-2022-34894 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
network
low complexity
jetbrains
5.0
5.0
2022-02-25 CVE-2022-25259 Cross-site Scripting vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
network
jetbrains CWE-79
4.3
4.3
2022-02-25 CVE-2022-25260 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
network
low complexity
jetbrains CWE-918
6.4
6.4
2022-02-25 CVE-2022-24327 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
network
low complexity
jetbrains CWE-732
5.0
5.0
2022-02-25 CVE-2022-24328 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
network
low complexity
jetbrains
4.0
4.0
2021-11-09 CVE-2021-43180 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
network
low complexity
jetbrains
5.0
5.0
2021-11-09 CVE-2021-43181 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
network
jetbrains CWE-79
4.3
4.3
2021-11-09 CVE-2021-43182 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
network
low complexity
jetbrains
5.0
5.0
2021-08-06 CVE-2021-37540 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
network
low complexity
jetbrains
6.5
6.5