Vulnerabilities > Jetbrains > HUB > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-27 | CVE-2022-48429 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | 5.4 |
2022-07-01 | CVE-2022-34894 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | 5.0 |
2022-02-25 | CVE-2022-25259 | Cross-site Scripting vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 4.3 |
2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | 6.4 |
2022-02-25 | CVE-2022-24327 | Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 5.0 |
2022-02-25 | CVE-2022-24328 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 4.0 |
2021-11-09 | CVE-2021-43180 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | 5.0 |
2021-11-09 | CVE-2021-43181 | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, stored XSS is possible. | 4.3 |
2021-11-09 | CVE-2021-43182 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | 5.0 |
2021-08-06 | CVE-2021-37540 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | 6.5 |