Two-Factor Authentication Settings Vulnerability in JetBrains Hub
CVE-2021-25759

6.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 3 February 2021

What is CVE-2021-25759?

In JetBrains Hub versions prior to 2020.1.12629, an authenticated user has the ability to delete two-factor authentication (2FA) settings for any other user. This vulnerability poses a significant risk as it can compromise user accounts and bypass security controls designed to protect sensitive data. Proper access controls should be instituted to prevent unauthorized users from manipulating 2FA configurations.

References

https://blog.jetbrains.com

x_refsource_MISC

https://blog.jetbrains.com/blog/2021/02/03/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2021
Vulnerability Reserved
Jan 21, 2021

Jetbrains

What is CVE-2021-25759?

References

CVSS V3.1

Timeline