cve/2024/CVE-2024-37051.md

### [CVE-2024-37051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37051)
![](https://img.shields.io/static/v1?label=Product&message=Aqua&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CLion&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=DataGrip&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=DataSpell&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GoLand&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=IntelliJ%20IDEA&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=MPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=PhpStorm&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=PyCharm&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Rider&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=RubyMine&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=RustRover&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WebStorm&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.1.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.1.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.2.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%3A%20Insufficiently%20Protected%20Credentials&color=brighgreen)

### Description

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`### [CVE-2024-37051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37051)`
			`![](https://img.shields.io/static/v1?label=Product&message=Aqua&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=CLion&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=DataGrip&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=DataSpell&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=GoLand&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=IntelliJ%20IDEA&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=MPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=PhpStorm&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=PyCharm&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Rider&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=RubyMine&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=RustRover&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WebStorm&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.1.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.1.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.3%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.6%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.1.7%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2023.1%3C%202023.2.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%3A%20Insufficiently%20Protected%20Credentials&color=brighgreen)`

			`### Description`

			GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/nomi-sec/PoC-in-GitHub`