CVE-2022-48477 MEDIUM

CVE-2022-48477

Vendor Jetbrains

Product Hub

Weakness CWE-918 · SSRF

Published April 24, 2023

Last update February 4, 2025

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

Key dates

02Disclosure timeline

April 24, 2023 CVE published

February 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-48477 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding CVE-2024-29090 WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads