CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-37051

CVSS 9.3v3.1pub. 2024-06-10upd. 2024-11-21

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
  • Jetbrains Aqua

    APP
    Jetbrains
    < 2024.1.2
  • Jetbrains Clion

    APP
    Jetbrains
    < 2023.1.72023.2.0 – 2023.2.4 (bez)2023.3.0 – 2023.3.5 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Datagrip

    APP
    Jetbrains
    2023.1.0 – 2023.1.3 (bez)2023.2.0 – 2023.2.4 (bez)2023.3.0 – 2023.3.5 (bez)2024.1.0 – 2024.1.4 (bez)
  • Jetbrains Dataspell

    APP
    Jetbrains
    < 2023.1.62023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.6 (bez)2024.1.0 – 2024.1.2 (bez)
  • Jetbrains Goland

    APP
    Jetbrains
    < 2023.1.62023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.7 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Intellij Idea

    APP
    Jetbrains
    < 2023.1.72023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.7 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Mps

    APP
    Jetbrains
    2023.3.0< 2023.2.1
  • Jetbrains Phpstorm

    APP
    Jetbrains
    < 2023.1.62023.2.0 – 2023.2.6 (bez)2023.3.0 – 2023.3.7 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Pycharm

    APP
    Jetbrains
    < 2023.1.62023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.6 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Rider

    APP
    Jetbrains
    < 2023.1.72023.2.0 – 2023.2.5 (bez)2023.3.0 – 2023.3.6 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Rubymine

    APP
    Jetbrains
    < 2023.1.72023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.7 (bez)2024.1.0 – 2024.1.3 (bez)
  • Jetbrains Rustrover

    APP
    Jetbrains
    < 2024.1.1
  • Jetbrains Webstorm

    APP
    Jetbrains
    < 2023.1.62023.2.0 – 2023.2.7 (bez)2023.3.0 – 2023.3.7 (bez)2024.1.0 – 2024.1.4 (bez)
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-45977CRITICAL9.8ten sam produkt

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand ...

CVE-2021-31897CRITICAL9.8ten sam produkt

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted proje...

CVE-2020-11690CRITICAL9.8ten sam produkt

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some ca...

CVE-2019-9186CRITICAL9.8ten sam produkt

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed ...

CVE-2019-9823CRITICAL9.8ten sam produkt

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers ...

CVE-2024-37051 β€” Jetbrains β€” Aqua β€” CRITICAL β€” CVSS 9.3 | CVEbaza.pl