CVE-2025-24456
- EPSS 0%
- Published 21.01.2025 18:15:18
- Last modified 30.01.2025 21:28:52
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2024-50573
- EPSS 0%
- Published 28.10.2024 13:15:08
- Last modified 29.10.2024 17:12:14
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-38507
- EPSS 0.16%
- Published 18.06.2024 11:15:52
- Last modified 21.11.2024 09:26:06
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2022-48477
- EPSS 0%
- Published 24.04.2023 13:15:07
- Last modified 21.11.2024 07:33:24
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-48429
- EPSS 0.02%
- Published 27.03.2023 16:15:07
- Last modified 21.11.2024 07:33:19
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2022-45471
- EPSS 0%
- Published 18.11.2022 15:15:10
- Last modified 21.11.2024 07:29:18
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVE-2022-34894
- EPSS 0%
- Published 01.07.2022 10:15:10
- Last modified 21.11.2024 07:10:23
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-29811
- EPSS 0.01%
- Published 28.04.2022 10:15:07
- Last modified 21.11.2024 06:59:43
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-25262
- EPSS 0.02%
- Published 25.02.2022 20:15:08
- Last modified 21.11.2024 06:51:54
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVE-2022-25260
- EPSS 0.05%
- Published 25.02.2022 20:15:08
- Last modified 21.11.2024 06:51:53
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).