All the vulnerabilites related to JetBrains - WebStorm
cve-2021-45977
Vulnerability from cvelistv5
Published
2022-02-25 14:36
Modified
2024-08-04 04:54
Severity ?
EPSS score ?
Summary
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
References
▼ | URL | Tags |
---|---|---|
https://jetbrains.com | x_refsource_MISC | |
https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:31.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jetbrains.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-25T14:36:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jetbrains.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jetbrains.com", "refsource": "MISC", "url": "https://jetbrains.com" }, { "name": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/", "refsource": "MISC", "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45977", "datePublished": "2022-02-25T14:36:13", "dateReserved": "2022-01-01T00:00:00", "dateUpdated": "2024-08-04T04:54:31.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31897
Vulnerability from cvelistv5
Published
2021-05-11 12:19
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
References
▼ | URL | Tags |
---|---|---|
https://blog.jetbrains.com | x_refsource_MISC | |
https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.jetbrains.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-11T12:19:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.jetbrains.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31897", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.jetbrains.com", "refsource": "MISC", "url": "https://blog.jetbrains.com" }, { "name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/", "refsource": "MISC", "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31897", "datePublished": "2021-05-11T12:19:47", "dateReserved": "2021-04-29T00:00:00", "dateUpdated": "2024-08-03T23:10:30.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31898
Vulnerability from cvelistv5
Published
2021-05-11 12:18
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
References
▼ | URL | Tags |
---|---|---|
https://blog.jetbrains.com | x_refsource_MISC | |
https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.jetbrains.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-11T12:18:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.jetbrains.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.jetbrains.com", "refsource": "MISC", "url": "https://blog.jetbrains.com" }, { "name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/", "refsource": "MISC", "url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31898", "datePublished": "2021-05-11T12:18:20", "dateReserved": "2021-04-29T00:00:00", "dateUpdated": "2024-08-03T23:10:30.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37051
Vulnerability from cvelistv5
Published
2024-06-10 15:58
Modified
2024-09-17 03:55
Severity ?
EPSS score ?
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intellij_idea", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intellij_idea", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intellij_idea", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intellij_idea", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intellij_idea", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:aqua:2024.1.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aqua", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.4", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.5", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "datagrip", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.4", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dataspell", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2_eap2", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "datagrip", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "datagrip", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.4", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "datagrip", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.5", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dataspell", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dataspell", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dataspell", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.2", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dataspell", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP1", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "goland", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "goland", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "goland", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "goland", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "goland", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mps", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.1", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mps", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.1", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mps", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1 EAP2", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "phpstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pycharm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pycharm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pycharm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pycharm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pycharm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP2", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rider", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rider", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.5", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rider", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "clion", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rubymine", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rubymine", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rubymine", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rubymine", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rubymine", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.2 EAP4", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:rustrover:2024.1.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rustrover", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.1.4", "status": "affected", "version": "2023.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37051", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T03:55:09.096Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240705-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IntelliJ IDEA", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Aqua", "vendor": "JetBrains", "versions": [ { "lessThan": "2024.1.2", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CLion", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.4", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.5", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP2", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "DataGrip", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.4", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.5", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "DataSpell", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.2", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP1", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "GoLand", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "MPS", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.2.1", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.1", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1 EAP2", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PhpStorm", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP3", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "PyCharm", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP2", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Rider", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.5", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "RubyMine", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.3", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.2 EAP4", "status": "affected", "version": "2023.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "RustRover", "vendor": "JetBrains", "versions": [ { "lessThan": "2024.1.1", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "WebStorm", "vendor": "JetBrains", "versions": [ { "lessThan": "2023.1.6", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.2.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2023.3.7", "status": "affected", "version": "2023.1", "versionType": "semver" }, { "lessThan": "2024.1.4", "status": "affected", "version": "2023.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T15:58:06.021Z", "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains" }, "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" }, { "url": "https://security.netapp.com/advisory/ntap-20240705-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "assignerShortName": "JetBrains", "cveId": "CVE-2024-37051", "datePublished": "2024-06-10T15:58:06.021Z", "dateReserved": "2024-05-31T14:05:53.462Z", "dateUpdated": "2024-09-17T03:55:09.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52555
Vulnerability from cvelistv5
Published
2024-11-15 15:05
Modified
2024-11-15 18:56
Severity ?
EPSS score ?
Summary
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webstorm", "vendor": "jetbrains", "versions": [ { "lessThan": "2024.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-52555", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T18:55:09.689738Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T18:56:12.581Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WebStorm", "vendor": "JetBrains", "versions": [ { "lessThan": "2024.3", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:05:03.874Z", "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains" }, "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" } ] } }, "cveMetadata": { "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "assignerShortName": "JetBrains", "cveId": "CVE-2024-52555", "datePublished": "2024-11-15T15:05:03.874Z", "dateReserved": "2024-11-13T15:25:18.383Z", "dateUpdated": "2024-11-15T18:56:12.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }