CVE-2024-37051
Key Information
- Vendor
- Jetbrains
- Status
- Intellij Idea
- Aqua
- Clion
- Datagrip
- Vendor
- CVE Published:
- 10 June 2024
Badges
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Affected Version(s)
IntelliJ IDEA < 2023.1.7
IntelliJ IDEA < 2023.2.7
IntelliJ IDEA < 2023.3.7
News Articles
CVE-2024-37051: кибербандиты похищают GitHub-токены через IntelliJ IDEA
Как популярная среда разработки стала точкой входа для дальнейшей компрометации?
6 months ago
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) - Help Net Security
CVE-2024-37051 could expose users of JetBrains' integrated development environments (IDEs) to GitHub access token compromise.
6 months ago
Refferences
CVSS V3.1
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
First article discovered by Help Net Security
Vulnerability published