PT-2019-12986 · JetBrains · JetBrains Hub

Published: 2019-07-03 · Updated: 2020-08-24 · CVE-2019-12847

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JetBrains Hub versions prior to 2018.4.11298

Description

The issue allows audit events for SMTPSettings to display a cleartext password to the admin user. This is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

Recommendations

For versions prior to 2018.4.11298, update to version 2018.4.11298 or later to resolve the issue. As a temporary workaround, consider changing passwords that have not been updated since 2017 and clearing or restricting access to old audit log events.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-12847

Affected Products

JetBrains Hub