jetbrains hub CVE Vulnerabilities (36)

CVEs: 36 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting jetbrains hub (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 120 of 36 CVEs
«« First « Prev Page 1 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-56142 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible [email protected] 9.9 0.41% 2026-06-19 2026-06-26
CVE-2026-56141 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible [email protected] 9.8 0.36% 2026-06-19 2026-06-26
CVE-2026-50242 In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible [email protected] 10.0 0.44% 2026-06-19 2026-06-26
CVE-2026-32229 In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled [email protected] 6.8 0.17% 2026-03-11 2026-06-17
CVE-2026-25848 In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible [email protected] 9.1 0.43% 2026-02-09 2026-06-17
CVE-2025-64683 In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API [email protected] 5.3 0.18% 2025-11-10 2026-06-17
CVE-2025-64682 In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit [email protected] 2.7 0.15% 2025-11-10 2026-06-17
CVE-2025-64681 In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations [email protected] 2.7 0.16% 2025-11-10 2026-06-17
CVE-2025-24456 In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping [email protected] 6.7 0.27% 2025-01-21 2026-06-17
CVE-2024-50573 In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services [email protected] 4.3 0.21% 2024-10-28 2026-06-17
CVE-2024-38507 In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible [email protected] 3.5 0.24% 2024-06-18 2026-06-17
CVE-2022-48477 In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing [email protected] 4.1 0.48% 2023-04-24 2026-06-17
CVE-2022-48429 In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible [email protected] 4.6 0.60% 2023-03-27 2026-06-17
CVE-2022-45471 In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address [email protected] 3.5 0.52% 2022-11-18 2026-06-17
CVE-2022-34894 In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services [email protected] 3.5 0.50% 2022-07-01 2026-06-17
CVE-2022-29811 In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. [email protected] 6.1 0.45% 2022-04-28 2026-06-17
CVE-2022-25262 In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. [email protected] 9.8 1.42% 2022-02-25 2026-06-17
CVE-2022-25260 JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). [email protected] 9.1 2.35% 2022-02-25 2026-06-17
CVE-2022-25259 JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. [email protected] 6.1 0.56% 2022-02-25 2026-06-17
CVE-2022-24328 In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. [email protected] 6.5 0.79% 2022-02-25 2026-06-17
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence