Skip to main content

Hub CVE-2024-50573

MEDIUM
Missing Authorization (CWE-862)
2024-10-28 cve@jetbrains.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 28, 2024 - 13:15 nvd
MEDIUM 5.4

DescriptionNVD

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services

AnalysisAI

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services Affected products include: Jetbrains Hub. Version information: before 2024.3.47707.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

More in Hub

View all
CVE-2025-65784 MEDIUM POC
6.5 Jan 13

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve

CVE-2026-50242 CRITICAL
9.8 Jun 19

Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other

CVE-2026-56141 CRITICAL
9.8 Jun 19

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.

CVE-2025-65783 CRITICAL
9.8 Jan 13

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi

CVE-2022-25262 CRITICAL
9.8 Feb 25

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne

CVE-2021-43183 CRITICAL
9.8 Nov 09

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity

CVE-2021-36209 CRITICAL
9.8 Aug 06

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS

CVE-2026-25848 CRITICAL
9.1 Feb 09

JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia

CVE-2022-25260 CRITICAL
9.1 Feb 25

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C

CVE-2026-56142 HIGH
8.8 Jun 19

Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024

CVE-2014-0177 LOW POC
3.6 May 27

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlin

CVE-2023-45823 HIGH
7.5 Oct 19

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for

Share

CVE-2024-50573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy