Exposure of GitHub Access Tokens in JetBrains IDEs by JetBrains
CVE-2024-37051

9.3 CRITICAL

Key Information:

Vendor:
JetBrains
CVE Published:
10 June 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

A vulnerability in JetBrains IDEs can expose the GitHub access token used by the IDE to unauthorized third-party sites. The affected products include IntelliJ IDEA, CLion, DataGrip, GoLand, PhpStorm, PyCharm, Rider, RubyMine, RustRover, and WebStorm. An attacker who obtains a leaked token can act on GitHub with whatever permissions that token carries, including reading and, where the token allows it, writing the repositories it can reach. Users should update to a fixed IDE version promptly. Updating does not invalidate a token that may already have been sent to a third party, so any GitHub personal access token or OAuth authorization that the IDE has used should also be revoked and reissued. Monitoring vendor security advisories and keeping credentials short-lived and narrowly scoped limit the damage of this class of exposure.

Affected Version(s)

Each range runs from the first listed version (inclusive) up to, but not including, the second, which is the first build that contains the fix. Only a partial list is shown here; the summary above names the other affected products.

Aqua: from 0 (any version) up to, but not including, 2024.1.2

CLion: from 2023.1 up to, but not including, 2023.1.7

CLion: from 2023.1 up to, but not including, 2023.2.4
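Checking an inventory of installed IDEs against ranges written in the form above is easy to get wrong by hand (dotted versions do not sort as strings, and the lower bound is inclusive while the upper bound is exclusive). The script below is an added example, not code from this page or from JetBrains: it parses the three range lines exactly as they appear above, compares versions as integer tuples, and reports which installs fall inside an affected range. The inventory entries are constructed sample data, and the `PAGE_RANGES`, `SAMPLE_INVENTORY`, `affected_ranges` and `audit` names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2023.1.7' -> (2023, 1, 7); '0' -> (0,).

    Tuples compare element-wise, so (2023, 1) < (2023, 1, 7) < (2023, 2),
    which matches JetBrains' year.major.patch ordering. String comparison
    would not ('2023.1.10' < '2023.1.7' as strings)."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class AffectedRange:
    product: str
    start: Version   # inclusive lower bound; (0,) means "every release"
    fixed: Version   # exclusive upper bound: the first build carrying the fix

    def contains(self, version: Version) -> bool:
        return self.start <= version < self.fixed


# Matches the "<Product> <start> < <fixed>" form used on this page.
_RANGE_RE = re.compile(r"^(?P<product>.+?)\s+(?P<start>[\d.]+)\s*<\s*(?P<fixed>[\d.]+)$")


def parse_ranges(lines: List[str]) -> List[AffectedRange]:
    ranges = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = _RANGE_RE.match(line)
        if not match:
            raise ValueError(f"unparseable range line: {line!r}")
        ranges.append(AffectedRange(match["product"],
                                    parse_version(match["start"]),
                                    parse_version(match["fixed"])))
    return ranges


def affected_ranges(product: str, version: str,
                    ranges: List[AffectedRange]) -> List[AffectedRange]:
    """All ranges for this product that contain the given version."""
    parsed = parse_version(version)
    return [r for r in ranges
            if r.product.lower() == product.lower() and r.contains(parsed)]


def audit(inventory: List[Tuple[str, str]],
          ranges: List[AffectedRange]) -> Dict[Tuple[str, str], bool]:
    """Map each (product, version) install to True if it is inside an affected range."""
    return {(p, v): bool(affected_ranges(p, v, ranges)) for p, v in inventory}


# The ranges exactly as listed on this page.
PAGE_RANGES = parse_ranges([
    "Aqua 0 < 2024.1.2",
    "CLion 2023.1 < 2023.1.7",
    "CLion 2023.1 < 2023.2.4",
])

# Constructed sample inventory (hypothetical installs, not data from the page).
SAMPLE_INVENTORY = [
    ("CLion", "2023.1.5"),
    ("CLion", "2023.2.3"),
    ("CLion", "2023.2.4"),
    ("Aqua", "2023.3.1"),
    ("Aqua", "2024.1.2"),
]

if __name__ == "__main__":
    for (product, version), hit in audit(SAMPLE_INVENTORY, PAGE_RANGES).items():
        print(f"{product} {version}: {'AFFECTED' if hit else 'ok'}")
```

A product that does not appear in the range list is reported as not affected, so feed the script the vendor's complete list rather than the partial one shown here before relying on it for a fleet check.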

News Articles

CVE-2024-37051: cyber-bandits steal GitHub tokens via IntelliJ IDEA

How did a popular development environment become an entry point for further compromise?

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) - Help Net Security

CVE-2024-37051 could expose users of JetBrains' integrated development environments (IDEs) to GitHub access token compromise.

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Note: under the CVSS v3.1 base-score equations this vector evaluates to 9.6, not the 9.3 shown above, so the score and the metrics on this page do not come from the same assessment. Check the vendor advisory or the NVD record for the authoritative value.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by Help Net Security

  • Vulnerability published