Vulnerabilities for 'HUB'

2021-02-03
 
CVE-2021-25760

CWE-200
 

 
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.

 
 
CVE-2021-25759

CWE-732
 

 
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.

 
 
CVE-2021-25757

CWE-601
 

 
In JetBrains Hub before 2020.1.12629, an open redirect was possible.

 
2020-04-22
 
CVE-2020-11691

CWE-20
 

 
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

 
2019-10-01
 
CVE-2019-14955

CWE-640
 

 
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

 
2019-07-03
 
CVE-2019-12847

CWE-255
 

 
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

 

Vendor: JetBrains (20 products)
Teamcity
Intellij idea
Dotpeek
Resharper ultimate
Youtrack integration
HUB
Youtrack
Kotlin
KTOR
Toolbox
Rider
VIM
Pycharm
Upsource
Resharper
Idetalk
Scala
Space
Goland
Phpstorm


Copyright 2021, cxsecurity.com

 
