PT-2019-12986 · JetBrains · JetBrains Hub

Published: 2019-07-03 · Updated: 2020-08-24 · CVE-2019-12847

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2018.4.11298

Description: The issue allows audit events for SMTPSettings to display a cleartext password to the admin user. This is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

Recommendations: For versions prior to 2018.4.11298, update to version 2018.4.11298 or later to resolve the issue. As a temporary workaround, consider changing passwords that have not been updated since 2017 and clearing or restricting access to old audit log events.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related identifiers

CVE-2019-12847

Affected products

JetBrains Hub