CVE-2024-37051

CVSS 9.3 CRITICALEPSS 3.8%CWE-522

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected products

JetBrains · Aqua JetBrains · CLion JetBrains · DataGrip JetBrains · DataSpell JetBrains · GoLand JetBrains · IntelliJ IDEA JetBrains · MPS JetBrains · PhpStorm JetBrains · PyCharm JetBrains · Rider JetBrains · RubyMine JetBrains · RustRover JetBrains · WebStorm

public PoCs found — 2

githubgithub.com/LeadroyaL/CVE-2024-37051-EXP★ 29 githubgithub.com/mrblackstar26/CVE-2024-37051★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.netapp.com/advisory/ntap-20240705-0004/https://www.jetbrains.com/privacy-security/issues-fixed/