CVE-2024-37051

Published Jun 10, 2024
Last updated 4 months ago
CVSS high 7.5
Overview

Description: GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Source: cve@jetbrains.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
Weaknesses

nvd@nist.gov: CWE-522
cve@jetbrains.com: CWE-522
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62",
            "versionEndExcluding": "2024.1.2"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15",
            "versionEndExcluding": "2023.1.7"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B",
            "versionEndExcluding": "2023.2.4",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20",
            "versionEndExcluding": "2023.3.5",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1",
            "versionEndExcluding": "2023.1.3",
            "versionStartIncluding": "2023.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49",
            "versionEndExcluding": "2023.2.4",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F",
            "versionEndExcluding": "2023.3.5",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6",
            "versionEndExcluding": "2024.1.4",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1",
            "versionEndExcluding": "2023.1.6"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4",
            "versionEndExcluding": "2023.3.6",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B",
            "versionEndExcluding": "2024.1.2",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E",
            "versionEndExcluding": "2023.1.6"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B",
            "versionEndExcluding": "2023.3.7",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B",
            "versionEndExcluding": "2023.1.7"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B",
            "versionEndExcluding": "2023.3.7",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C",
            "versionEndExcluding": "2023.2.1"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272",
            "versionEndExcluding": "2023.1.6"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903",
            "versionEndExcluding": "2023.2.6",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC",
            "versionEndExcluding": "2023.3.7",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226",
            "versionEndExcluding": "2023.1.6"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB",
            "versionEndExcluding": "2023.3.6",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6",
            "versionEndExcluding": "2023.1.7"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF",
            "versionEndExcluding": "2023.2.5",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99",
            "versionEndExcluding": "2023.3.6",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92",
            "versionEndExcluding": "2023.1.7"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789",
            "versionEndExcluding": "2023.3.7",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3",
            "versionEndExcluding": "2024.1.3",
            "versionStartIncluding": "2024.1.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58",
            "versionEndExcluding": "2024.1.1"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270",
            "versionEndExcluding": "2023.1.6"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F",
            "versionEndExcluding": "2023.2.7",
            "versionStartIncluding": "2023.2.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F",
            "versionEndExcluding": "2023.3.7",
            "versionStartIncluding": "2023.3.0"
          },
          {
            "criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A",
            "versionEndExcluding": "2024.1.4",
            "versionStartIncluding": "2024.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
