Upsource
CVE-2021-30482
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
AnalysisAI
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-281. In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly Affected products include: Jetbrains Upsource. Version information: before 2020.1.1883.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. Rated critical
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. Rate
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in Je
Same weakness CWE-281 – Improper Preservation of Permissions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today