Hub
CVE-2022-24327
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
AnalysisAI
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. Affected products include: Jetbrains Hub. Version information: before 2021.1.13890.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve
Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other
Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS
JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlin
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today