Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
AnalysisAI
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Affected products include: Jetbrains Hub. Version information: before 2021.1.13690.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve
Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other
Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS
JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlin
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today