cvebase

JetBrains Hub vulnerabilities

36 known vulnerabilities affecting jetbrains/hub.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 10, MEDIUM 16, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2026-25848 | P2 | CRITICAL | CVSS 9.8 | fixed in 2025.3.119807 | 2026-02-09
CVE-2026-25848 [CRITICAL] CWE-306: In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
nvd
CVE-2026-50242 | P2 | CRITICAL | CVSS 9.8 | ≥ 2024.2.33606, < 2024.2.148429; ≥ 2024.3.44799, < 2024.3.148430; +5 more | 2026-06-19
CVE-2026-50242 [CRITICAL] CWE-306: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
nvd
CVE-2026-56142 | P3 | HIGH | CVSS 8.8 | ≥ 2024.2.33606, < 2024.2.148429; ≥ 2024.3.44799, < 2024.3.148430; +5 more | 2026-06-19
CVE-2026-56142 [HIGH] CWE-915: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
nvd
CVE-2021-43183 | P3 | CRITICAL | CVSS 9.8 | fixed in 2021.1.13690 | 2021-11-09
CVE-2021-43183 [CRITICAL]: In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
nvd
CVE-2026-56141 | P3 | CRITICAL | CVSS 9.8 | ≥ 2024.2.33606, < 2024.2.148429; ≥ 2024.3.44799, < 2024.3.148430; +5 more | 2026-06-19
CVE-2026-56141 [CRITICAL] CWE-338: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
nvd
CVE-2025-24456 | P3 | HIGH | CVSS 8.8 | fixed in 2024.3.55417 | 2025-01-21
CVE-2025-24456 [HIGH] CWE-288: In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
nvd
CVE-2021-36209 | P3 | CRITICAL | CVSS 9.8 | fixed in 2021.1.13389 | 2021-08-06
CVE-2021-36209 [CRITICAL] CWE-640: In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
nvd
CVE-2022-25260 | P3 | CRITICAL | CVSS 9.1 | fixed in 2021.1.14276 | 2022-02-25
CVE-2022-25260 [CRITICAL] CWE-918: JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
nvd
CVE-2022-48477 | P3 | CRITICAL | CVSS 9.8 | fixed in 2023.1.15725 | 2023-04-24
CVE-2022-48477 [CRITICAL] CWE-918: In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
nvd
CVE-2022-25262 | P3 | CRITICAL | CVSS 9.8 | fixed in 2022.1.14434 | 2022-02-25
CVE-2022-25262 [CRITICAL] CWE-345: In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
nvd
CVE-2021-31901 | P3 | HIGH | CVSS 7.5 | fixed in 2021.1.13079 | 2021-05-11
CVE-2021-31901 [HIGH]: In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
nvd
CVE-2025-64683 | P3 | HIGH | CVSS 7.5 | fixed in 2025.3.104432 | 2025-11-10
CVE-2025-64683 [HIGH] CWE-362: In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
nvd
CVE-2022-24327 | P3 | HIGH | CVSS 7.5 | fixed in 2021.1.13890 | 2022-02-25
CVE-2022-24327 [HIGH] CWE-732: In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
nvd
CVE-2026-32229 | P3 | MEDIUM | CVSS 6.8 | fixed in 2025.3.128064 | ≥ 2025.1, < 2025.3.128064 | 2026-03-11
CVE-2026-32229 [MEDIUM] CWE-290: In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
nvd
CVE-2021-43180 | P3 | HIGH | CVSS 7.5 | fixed in 2021.1.13690 | 2021-11-09
CVE-2021-43180 [HIGH]: In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
nvd
CVE-2022-45471 | P4 | HIGH | CVSS 7.5 | fixed in 2022.3.15181 | 2022-11-18
CVE-2022-45471 [HIGH] CWE-770: In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
nvd
CVE-2019-12847 | P4 | HIGH | CVSS 7.2 | fixed in 2018.4.11298 | 2019-07-03
CVE-2019-12847 [HIGH] CWE-522: In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
nvd
CVE-2021-43182 | P4 | HIGH | CVSS 7.5 | fixed in 2021.1.13415 | 2021-11-09
CVE-2021-43182 [HIGH]: In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
nvd
CVE-2021-25759 | P4 | MEDIUM | CVSS 6.5 | fixed in 2020.1.12629 | 2021-02-03
CVE-2021-25759 [MEDIUM]: In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
nvd
CVE-2020-11691 | P4 | HIGH | CVSS 7.5 | fixed in 2020.1.12099 | 2020-04-22
CVE-2020-11691 [HIGH]: In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
nvd