Skip to main content

Hub CVE-2021-43180

HIGH
2021-11-09 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 09, 2021 - 16:15 nvd
HIGH 7.5

DescriptionNVD

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

AnalysisAI

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Affected products include: Jetbrains Hub. Version information: before 2021.1.13690.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hub

View all
CVE-2025-65784 MEDIUM POC
6.5 Jan 13

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve

CVE-2026-50242 CRITICAL
9.8 Jun 19

Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other

CVE-2026-56141 CRITICAL
9.8 Jun 19

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.

CVE-2025-65783 CRITICAL
9.8 Jan 13

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi

CVE-2022-25262 CRITICAL
9.8 Feb 25

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne

CVE-2021-43183 CRITICAL
9.8 Nov 09

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity

CVE-2021-36209 CRITICAL
9.8 Aug 06

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS

CVE-2026-25848 CRITICAL
9.1 Feb 09

JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia

CVE-2022-25260 CRITICAL
9.1 Feb 25

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C

CVE-2026-56142 HIGH
8.8 Jun 19

Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024

CVE-2014-0177 LOW POC
3.6 May 27

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlin

CVE-2023-45823 HIGH
7.5 Oct 19

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for

Share

CVE-2021-43180 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy