Known Vulnerabilities for Hub by Jetbrains

Listed below are 10 of the newest known vulnerabilities associated with "Hub" by "Jetbrains".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-24328 In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. 6.5 - MEDIUM 2022-02-25 2022-03-04
CVE-2022-24327 In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. 7.5 - HIGH 2022-02-25 2022-03-04
CVE-2021-43180 In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. 7.5 - HIGH 2021-11-09 2021-11-10
CVE-2021-37541 In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. 6.1 - MEDIUM 2021-08-06 2021-08-12
CVE-2021-37540 In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. 6.5 - MEDIUM 2021-08-06 2023-08-08
CVE-2021-36209 In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. 9.8 - CRITICAL 2021-08-06 2021-08-12
CVE-2021-31901 In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. 7.5 - HIGH 2021-05-11 2021-05-17
CVE-2021-25760 In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. 5.3 - MEDIUM 2021-02-03 2022-06-28
CVE-2021-25759 In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. 6.5 - MEDIUM 2021-02-03 2022-07-12
CVE-2021-25757 In JetBrains Hub before 2020.1.12629, an open redirect was possible. 6.1 - MEDIUM 2021-02-03 2021-02-04
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationJetbrainsHub2020.1.12669AllAllAll
ApplicationJetbrainsHub2020.1.12629AllAllAll
ApplicationJetbrainsHub2020.1.12099AllAllAll
ApplicationJetbrainsHub2019.1.11738AllAllAll
ApplicationJetbrainsHub2019.1AllAllAll
ApplicationJetbrainsHub2018.4.11436AllAllAll
ApplicationJetbrainsHub2018.4.11298AllAllAll
ApplicationJetbrainsHub2018.3AllAllAll
ApplicationJetbrainsHub2018.1AllAllAll
ApplicationJetbrainsHub2017.4AllAllAll
ApplicationJetbrainsHub2017.3AllAllAll
ApplicationJetbrainsHub2017.2AllAllAll
ApplicationJetbrainsHub2017.1.4711AllAllAll
ApplicationJetbrainsHub2017.1.4524AllAllAll
ApplicationJetbrainsHub2017.1AllAllAll
ApplicationJetbrainsHub2.5.456AllAllAll
ApplicationJetbrainsHub2.5.450AllAllAll
ApplicationJetbrainsHub2.5.359AllAllAll
ApplicationJetbrainsHub2.5.330AllAllAll
ApplicationJetbrainsHub2.0.314AllAllAll
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report