mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
403 lines
17 KiB
JSON
403 lines
17 KiB
JSON
{
|
|
"id": "CVE-2024-37051",
|
|
"sourceIdentifier": "cve@jetbrains.com",
|
|
"published": "2024-06-10T16:15:16.713",
|
|
"lastModified": "2024-07-05T16:15:04.777",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El token de acceso de GitHub podr\u00eda estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versi\u00f3n 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 "
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
},
|
|
{
|
|
"source": "cve@jetbrains.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 9.3,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.8
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-522"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "cve@jetbrains.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-522"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2024.1.2",
|
|
"matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.7",
|
|
"matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.4",
|
|
"matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.5",
|
|
"matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.1.0",
|
|
"versionEndExcluding": "2023.1.3",
|
|
"matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.4",
|
|
"matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.5",
|
|
"matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.4",
|
|
"matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.6",
|
|
"matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.6",
|
|
"matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.2",
|
|
"matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.6",
|
|
"matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.7",
|
|
"matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.7",
|
|
"matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.7",
|
|
"matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.2.1",
|
|
"matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.6",
|
|
"matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.6",
|
|
"matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.7",
|
|
"matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.6",
|
|
"matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.6",
|
|
"matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.7",
|
|
"matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.5",
|
|
"matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.6",
|
|
"matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.7",
|
|
"matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.7",
|
|
"matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.3",
|
|
"matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2024.1.1",
|
|
"matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2023.1.6",
|
|
"matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.2.0",
|
|
"versionEndExcluding": "2023.2.7",
|
|
"matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2023.3.0",
|
|
"versionEndExcluding": "2023.3.7",
|
|
"matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2024.1.0",
|
|
"versionEndExcluding": "2024.1.4",
|
|
"matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/",
|
|
"source": "cve@jetbrains.com"
|
|
},
|
|
{
|
|
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
|
|
"source": "cve@jetbrains.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |