Jetbrains: >> Hub >> 1.0.809 Security Vulnerabilities
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-05-11
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-02-03
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-02-03
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-01
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
CVSS Score
7.2
EPSS Score
0.0
Published
2019-07-03
Page 3