{ "id": "CVE-2024-37051", "sourceIdentifier": "cve@jetbrains.com", "published": "2024-06-10T16:15:16.713", "lastModified": "2024-07-05T16:15:04.777", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4" }, { "lang": "es", "value": "El token de acceso de GitHub podr\u00eda estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versi\u00f3n 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 " } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "cve@jetbrains.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 2.8, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-522" } ] }, { "source": "cve@jetbrains.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-522" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*", "versionEndExcluding": "2024.1.2", "matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.7", "matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.4", "matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.5", "matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1.0", "versionEndExcluding": "2023.1.3", "matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.4", "matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.5", "matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.4", "matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.6", "matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.6", "matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.2", "matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.6", "matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.7", "matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.7", "matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.7", "matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.2.1", "matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.6", "matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.6", "matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.7", "matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.6", "matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.6", "matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.7", "matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.5", "matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.6", "matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.7", "matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.7", "matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.3", "matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*", "versionEndExcluding": "2024.1.1", "matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "versionEndExcluding": "2023.1.6", "matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2.0", "versionEndExcluding": "2023.2.7", "matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.3.0", "versionEndExcluding": "2023.3.7", "matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.1.0", "versionEndExcluding": "2024.1.4", "matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A" } ] } ] } ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240705-0004/", "source": "cve@jetbrains.com" }, { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "source": "cve@jetbrains.com", "tags": [ "Vendor Advisory" ] } ] }