Description
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | IntelliJ IDEA | unaffected |
|
||||||||||||||||||
| JetBrains | Aqua | unaffected |
|
||||||||||||||||||
| JetBrains | CLion | unaffected |
|
||||||||||||||||||
| JetBrains | DataGrip | unaffected |
|
||||||||||||||||||
| JetBrains | DataSpell | unaffected |
|
||||||||||||||||||
| JetBrains | GoLand | unaffected |
|
||||||||||||||||||
| JetBrains | MPS | unaffected |
|
||||||||||||||||||
| JetBrains | PhpStorm | unaffected |
|
||||||||||||||||||
| JetBrains | PyCharm | unaffected |
|
||||||||||||||||||
| JetBrains | Rider | unaffected |
|
||||||||||||||||||
| JetBrains | RubyMine | unaffected |
|
||||||||||||||||||
| JetBrains | RustRover | unaffected |
|
||||||||||||||||||
| JetBrains | WebStorm | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-36408 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 |
References
History
Wed, 18 Sep 2024 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:jetbrains:aqua:2024.1.2:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:* cpe:2.3:a:jetbrains:rustrover:2024.1.1:*:*:*:*:*:*:* |
|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: JetBrains
Published:
Updated: 2025-02-13T17:52:58.741Z
Reserved: 2024-05-31T14:05:53.462Z
Link: CVE-2024-37051
Vulnrichment
Updated: 2024-08-02T03:43:50.910Z
NVD
Status : Modified
Published: 2024-06-10T16:15:16.713
Modified: 2024-11-21T09:23:06.323
Link: CVE-2024-37051
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses