Vulnerability Details CVE-2019-12847
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.1%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 4.0
References
Products affected by CVE-2019-12847
-
cpe:2.3:a:jetbrains:hub:-
-
cpe:2.3:a:jetbrains:hub:1.0.648
-
cpe:2.3:a:jetbrains:hub:1.0.739
-
cpe:2.3:a:jetbrains:hub:1.0.749
-
cpe:2.3:a:jetbrains:hub:1.0.770
-
cpe:2.3:a:jetbrains:hub:1.0.797
-
cpe:2.3:a:jetbrains:hub:1.0.809
-
cpe:2.3:a:jetbrains:hub:2.0.182
-
cpe:2.3:a:jetbrains:hub:2.0.314
-
cpe:2.3:a:jetbrains:hub:2.5.330
-
cpe:2.3:a:jetbrains:hub:2.5.359
-
cpe:2.3:a:jetbrains:hub:2.5.450
-
cpe:2.3:a:jetbrains:hub:2.5.456
-
cpe:2.3:a:jetbrains:hub:2017.1
-
cpe:2.3:a:jetbrains:hub:2017.1.4524
-
cpe:2.3:a:jetbrains:hub:2017.1.4711
-
cpe:2.3:a:jetbrains:hub:2017.2
-
cpe:2.3:a:jetbrains:hub:2017.3
-
cpe:2.3:a:jetbrains:hub:2017.4
-
cpe:2.3:a:jetbrains:hub:2018.1
-
cpe:2.3:a:jetbrains:hub:2018.3