CVE-2021-30482
📋 TL;DR
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly: a password that a user or administrator had revoked could still be used to authenticate to the server. Anyone holding such a password (a former employee, or an attacker who obtained it before it was revoked) keeps access that the organization believes it has cut off. It affects organizations using UpSource for code review and repository browsing.
💻 Affected Systems
- JetBrains UpSource
📦 What is this software?
Upsource by JetBrains: a self-hosted code review and repository browsing server. Application passwords are per-user credentials, typically used by scripts and integrations that call its API; revoking one is meant to cut off that client immediately.
⚠️ Risk & Real-World Impact
Worst Case
Former employees or attackers with stolen credentials maintain persistent access to source code repositories, enabling intellectual property theft, code manipulation, or further network compromise.
Likely Case
Unauthorized users access code repositories using previously issued application passwords that should have been revoked, potentially exposing sensitive code or development data.
If Mitigated
With proper access controls and monitoring, impact is limited to potential unauthorized viewing of code repositories, with no escalation or data modification capabilities.
🎯 Exploit Status
Exploitation requires possession of an application password that has been revoked but remains active because of the vulnerability. No exploit code is needed: the attacker simply keeps using the credential, and on a vulnerable server the request succeeds where it should be rejected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2020.1.1883 and later
Vendor Advisory: https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/
Restart Required: Yes
Instructions:
1. Download UpSource version 2020.1.1883 or later from the JetBrains website.
2. Stop the UpSource service.
3. Back up the current installation and data.
4. Install the updated version.
5. Restart the UpSource service.
6. Verify functionality.
🔧 Temporary Workarounds
Manual Password Revocation
Manually revoke all existing application passwords and reissue only those that are still needed
Access UpSource admin interface > Security > Application Passwords > Revoke All (the exact menu location may differ between releases). Because the bug is in revocation itself, confirm afterwards that a revoked password is actually rejected by the API; if it still authenticates, treat this workaround as ineffective and rely on network restriction until the patch is applied.
Network Access Restriction
Restrict network access to the UpSource instance while awaiting the patch
Configure firewall rules to limit access to trusted IP addresses only
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit UpSource access
- Enable comprehensive logging and monitoring for all UpSource authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check UpSource version in admin interface or via system information. If version is below 2020.1.1883, system is vulnerable.
Check Version:
Check the admin dashboard, or run: java -jar upsource.jar --version (jar location varies by installation). Compare the full three-part build number, not just the year.release prefix: 2020.1 builds exist both before and after the fix, and 2020.1.1883 is the first fixed one.
Verify Fix Applied:
After updating, verify version is 2020.1.1883 or higher and test that revoked application passwords no longer work.
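The two checks above, as an added example (not part of the advisory and not JetBrains code): the build number is compared as a tuple of integers rather than as a string, and a revoked application password is then tried against the API. The RPC endpoint (/~rpc/getAllProjects under the UpSource base URL, accepting HTTP Basic auth) and the use of 401/403 as the rejection signal are assumptions, as are the base URL, user name and revoked password, which the caller supplies.

```python
"""Added example (not part of the advisory and not JetBrains code): check an
UpSource build number against the first fixed build, then probe whether a
revoked application password is still accepted.

Assumptions not stated on the page:
  - UpSource's RPC API lives under /~rpc/ and accepts HTTP Basic auth, so a
    call to /~rpc/getAllProjects with a rejected credential answers 401/403.
  - The base URL, user name and the revoked application password are
    supplied by the caller.
"""
import base64
import sys
import urllib.error
import urllib.request

# First fixed build per the vendor advisory.
FIXED_BUILD = (2020, 1, 1883)


def parse_build(version: str) -> tuple:
    """'2020.1.1883' -> (2020, 1, 1883).

    Integer tuples compare correctly; comparing the raw strings would rank
    '2020.1.999' above '2020.1.1883' and call a vulnerable build fixed.
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected UpSource version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True for any build earlier than 2020.1.1883."""
    return parse_build(version) < FIXED_BUILD


def password_rejected(status: int) -> bool:
    """A patched server must refuse a revoked application password (401/403);
    any other status, in particular 200, means revocation was not enforced."""
    return status in (401, 403)


def probe_application_password(base_url: str, user: str, app_password: str,
                               timeout: float = 10.0) -> int:
    """Return the HTTP status for a Basic-auth call to the assumed endpoint."""
    token = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/~rpc/getAllProjects",  # assumed endpoint
        headers={"Authorization": "Basic " + token},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:
        return err.code


def main(argv):
    if len(argv) != 5:
        print("usage: check.py <version> <base_url> <user> <revoked_app_password>")
        return 2
    version, base_url, user, revoked = argv[1:]
    vulnerable = is_vulnerable(version)
    print("version", version, "vulnerable by build number:", vulnerable)
    status = probe_application_password(base_url, user, revoked)
    print("revoked password probe ->", status,
          "(revocation enforced)" if password_rejected(status) else "(STILL ACCEPTED)")
    return 0 if password_rejected(status) and not vulnerable else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a password you have just revoked; a non-zero exit means either the build is too old or the server still accepted the credential. Use a throwaway application password for the probe so that the credential under test is not one an attacker might hold.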
📡 Detection & Monitoring
Log Indicators:
- Successful authentication with an application password after the time it was revoked, or by a user whose account has been disabled or who has left the organization. On a vulnerable server the revocation is silently ignored, so the tell-tale sign is a success where a failure was expected; failed attempts with a revoked password are the correct, patched behaviour and matter only as evidence that someone still holds the credential
- Unusual access patterns: API calls from unexpected locations, outside working hours, or from users who should no longer have access
Network Indicators:
- Authentication requests to UpSource API endpoints from unauthorized sources
SIEM Query:
source="upsource" AND (event_type="authentication" AND result="success") | stats count by user, source_ip
Field names are illustrative and must be mapped to your UpSource log format. Filter the result against the list of application passwords (or users) you have revoked; a success for one of those is the indicator for this vulnerability.
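The detection logic described under Log Indicators and in the SIEM query, as an added example that is not part of the advisory. It runs over constructed JSON log lines (not real UpSource output); the event names and field names (ts, event, result, user, credential_id, source_ip) are assumptions and must be mapped to your UpSource/Hub log format. An alert is raised for every successful authentication with an application password that had already been revoked at that time, which is exactly the behaviour the fix removes; the second function reproduces the per-user, per-IP count of the SIEM query.

```python
"""Added example, not from the advisory: detection logic for the failure
mode behind CVE-2021-30482, run over constructed JSON log lines (not real
UpSource output; event and field names are assumptions).
"""
import json
from datetime import datetime, timezone

# Constructed sample log; deliberately out of order (the 08:50 line arrives
# late) and with a revocation that happens after the credential was used.
SAMPLE_LOG = """\
{"ts":"2021-04-01T09:00:00Z","event":"app_password_revoked","user":"alice","credential_id":"apw-17"}
{"ts":"2021-04-01T09:05:12Z","event":"authentication","result":"success","user":"alice","credential_id":"apw-17","source_ip":"203.0.113.7"}
{"ts":"2021-04-01T09:06:00Z","event":"authentication","result":"failure","user":"alice","credential_id":"apw-17","source_ip":"203.0.113.7"}
{"ts":"2021-04-01T09:10:00Z","event":"authentication","result":"success","user":"bob","credential_id":"apw-22","source_ip":"198.51.100.4"}
{"ts":"2021-04-01T08:50:00Z","event":"authentication","result":"success","user":"alice","credential_id":"apw-17","source_ip":"10.0.0.5"}
{"ts":"2021-04-01T09:20:00Z","event":"app_password_revoked","user":"bob","credential_id":"apw-22"}
{"ts":"2021-04-01T09:25:00Z","event":"authentication","result":"success","user":"bob","credential_id":"apw-22","source_ip":"198.51.100.4"}
"""


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_success(event: dict) -> bool:
    return event.get("event") == "authentication" and event.get("result") == "success"


def find_revoked_credential_use(events: list) -> list:
    """Successful authentications that post-date their credential's revocation.

    Events are sorted by time, with a revocation ordered before an
    authentication at the same timestamp, so late-arriving lines and
    use-before-revocation are handled correctly. A success at or after the
    revocation time is the signature of a server that ignores revocation.
    """
    ordered = sorted(
        events,
        key=lambda e: (parse_ts(e["ts"]), e.get("event") != "app_password_revoked"),
    )
    revoked_at = {}   # credential_id -> first revocation time
    alerts = []
    for e in ordered:
        if e.get("event") == "app_password_revoked":
            revoked_at.setdefault(e["credential_id"], parse_ts(e["ts"]))
        elif is_success(e):
            when = revoked_at.get(e.get("credential_id"))
            if when is not None and parse_ts(e["ts"]) >= when:
                alerts.append(e)
    return alerts


def successes_by_user_ip(events: list) -> dict:
    """Equivalent of the SIEM query: successful logins per (user, source_ip)."""
    counts = {}
    for e in events:
        if is_success(e):
            key = (e["user"], e["source_ip"])
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for a in find_revoked_credential_use(evts):
        print("ALERT revoked credential accepted:",
              a["ts"], a["user"], a["credential_id"], a["source_ip"])
    for (user, ip), n in sorted(successes_by_user_ip(evts).items()):
        print(f"{user:8} {ip:15} {n}")
```

On the sample data the alice 08:50 success is correctly left alone (it predates the revocation), the 09:06 failure is ignored as patched behaviour, and the two successes after revocation (alice at 09:05:12, bob at 09:25) are the alerts. Feed the function your real revocation and authentication events in the same shape to get the list the SIEM query alone cannot produce.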