RSS   Vulnerabilities for 'HUB'   RSS

2022-04-28
 
CVE-2022-29811

CWE-79
 

 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

 
2022-02-25
 
CVE-2022-25259

CWE-79
 

 
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

 
 
CVE-2022-24327

CWE-732
 

 
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

 
 
CVE-2022-24328

NVD-CWE-noinfo
 

 
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

 
2021-11-09
 
CVE-2021-43183

CWE-287
 

 
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

 
 
CVE-2021-43180

NVD-CWE-noinfo
 

 
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

 
 
CVE-2021-43181

CWE-79
 

 
In JetBrains Hub before 2021.1.13690, stored XSS is possible.

 
 
CVE-2021-43182

NVD-CWE-noinfo
 

 
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

 
2021-08-06
 
CVE-2021-36209

CWE-640
 

 
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

 
 
CVE-2021-37540

CWE-326
 

 
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

 


Copyright 2024, cxsecurity.com

 

Back to Top