cvebase

JetBrains Hub vulnerabilities

36 known vulnerabilities affecting jetbrains/hub.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 10, MEDIUM 16, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2022-24328 | P4 | MEDIUM | CVSS 6.5 | fixed in 2021.1.13956 | 2022-02-25
CVE-2022-24328 [MEDIUM]: In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
nvd
CVE-2021-37540 | P4 | MEDIUM | CVSS 6.5 | fixed in 2021.1.13262 | 2021-08-06
CVE-2021-37540 [MEDIUM]: In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
nvd
CVE-2024-50573 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024.3.47707 | 2024-10-28
CVE-2024-50573 [MEDIUM] CWE-862: In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
nvd
CVE-2021-37541 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.1.13402 | 2021-08-06
CVE-2021-37541 [MEDIUM] CWE-74: In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
nvd
CVE-2019-18360 | P4 | MEDIUM | CVSS 5.3 | fixed in 2019.1.11738 | 2019-10-31
CVE-2019-18360 [MEDIUM]: In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
nvd
CVE-2021-43181 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.1.13690 | 2021-11-09
CVE-2021-43181 [MEDIUM] CWE-79: In JetBrains Hub before 2021.1.13690, stored XSS is possible.
nvd
CVE-2019-14955 | P4 | MEDIUM | CVSS 5.3 | fixed in 2018.4.11436 | 2019-10-01
CVE-2019-14955 [MEDIUM] CWE-640: In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
nvd
CVE-2022-34894 | P4 | MEDIUM | CVSS 5.3 | fixed in 2022.2.14799 | ≥ 2022.2.14799, < 2022.2.14799 | 2022-07-01
CVE-2022-34894 [MEDIUM] CWE-284: In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
nvd
CVE-2024-38507 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024.2.34646 | 2024-06-18
CVE-2024-38507 [MEDIUM] CWE-79: In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
nvd
CVE-2021-25760 | P4 | MEDIUM | CVSS 5.3 | fixed in 2020.1.12669 | 2021-02-03
CVE-2021-25760 [MEDIUM]: In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
nvd
CVE-2022-25259 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.1.14276 | 2022-02-25
CVE-2022-25259 [MEDIUM] CWE-79: JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
nvd
CVE-2021-25757 | P4 | MEDIUM | CVSS 6.1 | fixed in 2020.1.12629 | 2021-02-03
CVE-2021-25757 [MEDIUM] CWE-601: In JetBrains Hub before 2020.1.12629, an open redirect was possible.
nvd
CVE-2022-48429 | P4 | MEDIUM | CVSS 5.4 | fixed in 2022.1.15583 | ≥ 2022.2, < 2022.2.15572 +2 more | 2023-03-27
CVE-2022-48429 [MEDIUM] CWE-79: In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
nvd
CVE-2022-29811 | P4 | MEDIUM | CVSS 4.8 | fixed in 2022.1.14638 | ≥ 2022.1.14638, < 2022.1.14638 | 2022-04-28
CVE-2022-29811 [MEDIUM] CWE-79: In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
nvd
CVE-2025-64681 | P4 | LOW | CVSS 3.7 | fixed in 2025.3.104992 | 2025-11-10
CVE-2025-64681 [LOW] CWE-862: In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
nvd
CVE-2025-64682 | P4 | LOW | CVSS 3.7 | fixed in 2025.3.104432 | 2025-11-10
CVE-2025-64682 [LOW] CWE-362: In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
nvd