FKIE_CVE-2024-37051
Vulnerability from fkie_nvd - Published: 2024-06-10 16:15 - Updated: 2024-11-21 09:23
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jetbrains | aqua | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | mps | * | |
| jetbrains | mps | 2023.3.0 | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rustrover | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62",
"versionEndExcluding": "2024.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B",
"versionEndExcluding": "2023.2.4",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20",
"versionEndExcluding": "2023.3.5",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1",
"versionEndExcluding": "2023.1.3",
"versionStartIncluding": "2023.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49",
"versionEndExcluding": "2023.2.4",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F",
"versionEndExcluding": "2023.3.5",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6",
"versionEndExcluding": "2024.1.4",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B",
"versionEndExcluding": "2024.1.2",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C",
"versionEndExcluding": "2023.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903",
"versionEndExcluding": "2023.2.6",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF",
"versionEndExcluding": "2023.2.5",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58",
"versionEndExcluding": "2024.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A",
"versionEndExcluding": "2024.1.4",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
},
{
"lang": "es",
"value": "El token de acceso de GitHub podr\u00eda estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versi\u00f3n 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 "
}
],
"id": "CVE-2024-37051",
"lastModified": "2024-11-21T09:23:06.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-10T16:15:16.713",
"references": [
{
"source": "cve@jetbrains.com",
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
},
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…