CVE-2024-37051

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37051
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.netapp.com/advisory/ntap-20240705-0004/
https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-06-10 16:15

Updated : 2024-07-05 16:15

NVD link : CVE-2024-37051

Mitre link : CVE-2024-37051

CVE.ORG link : CVE-2024-37051

JSON object : View

Products Affected

jetbrains

  • webstorm
  • dataspell
  • intellij_idea
  • rubymine
  • datagrip
  • aqua
  • pycharm
  • clion
  • mps
  • phpstorm
  • rustrover
  • goland
  • rider
CWE
CWE-522

Insufficiently Protected Credentials