Cleartext Password Exposure in JetBrains Hub SMTPSettings Audit Events

Cleartext Password Exposure in JetBrains Hub SMTPSettings Audit Events

CVE-2019-12847 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

Learn more about our User Device Pen Test.