CVE-2021-31901

7.5 HIGH

📋 TL;DR

This vulnerability in JetBrains Hub allows attackers to bypass two-factor authentication for users in the 'All Users' group. It affects organizations using JetBrains Hub for identity management and single sign-on. The flaw enables unauthorized access to protected systems and data.

💻 Affected Systems

Products:
  • JetBrains Hub
Versions: All versions before 2021.1.13079
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with the 'All Users' group enabled, which is typically the default configuration.

⚠️ Risk & Real-World Impact

Worst Case

Attackers gain unauthorized access to all Hub-managed systems and sensitive user data, potentially leading to data breaches, privilege escalation, and lateral movement across the network.

Likely Case

Attackers bypass 2FA for targeted users, gaining unauthorized access to Hub-managed applications and potentially sensitive organizational resources.

If Mitigated

With proper network segmentation and monitoring, impact is limited to the Hub system itself, with minimal potential for lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the Hub interface, but the authentication bypass is straightforward once that access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.1.13079 or later

Vendor Advisory: https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/

Restart Required: Yes

Instructions:

1. Back up Hub configuration and data.
2. Download and install Hub version 2021.1.13079 or later from the JetBrains website.
3. Restart the Hub service.
4. Verify 2FA is properly enforced for the All Users group.

🔧 Temporary Workarounds

Disable All Users Group

Temporarily disable the 'All Users' group, or remove users from it, to prevent exploitation.

Navigate to Hub Admin → Groups → All Users → Disable or remove members

Network Segmentation

Restrict access to Hub administration interface to trusted IP addresses only

Configure firewall rules to limit Hub admin interface access

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Hub interface
  • Enable enhanced logging and monitoring for authentication events and group membership changes

🔍 How to Verify

Check if Vulnerable:

Check the Hub version in the Admin interface. If the version is below 2021.1.13079, the system is vulnerable.

Check Version:

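Check the Hub Admin dashboard or run: curl -k https://hub-server/admin/api/version

Here hub-server is a placeholder for your Hub hostname. The -k option disables TLS certificate verification, so omit it when the server presents a certificate your client trusts.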

Verify Fix Applied:

After patching, verify version is 2021.1.13079 or later and test that 2FA is enforced for All Users group members.

📡 Detection & Monitoring

Log Indicators:

  • Failed 2FA attempts for All Users group members
  • Unauthorized access to Hub admin interface
  • Group membership changes without proper authentication

Network Indicators:

  • Unusual authentication traffic patterns to Hub
  • Access attempts from unexpected IP addresses

SIEM Query:

source="hub" AND (event_type="auth_failure" OR event_type="group_change") AND group="All Users"
