JetBrains IDEs <=2024.2 Token Exposure via 3rd-Party Sites (CVE-2024-37051)
CVE-2024-37051 Published on June 10, 2024
A GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and before the following versions: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Vulnerability Analysis
CVE-2024-37051 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. A proof-of-concept (PoC) exploit is publicly available for CVE-2024-37051. An exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2024-37051
Affected Versions
JetBrains IntelliJ IDEA:
- Version 2023.1 and below 2023.1.7 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.7 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP3 is affected.
JetBrains Aqua:
- Before 2024.1.2 is affected.
JetBrains CLion:
- Version 2023.1 and below 2023.1.7 is affected.
- Version 2023.1 and below 2023.2.4 is affected.
- Version 2023.1 and below 2023.3.5 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP2 is affected.
JetBrains DataGrip:
- Version 2023.1 and below 2023.1.3 is affected.
- Version 2023.1 and below 2023.2.4 is affected.
- Version 2023.1 and below 2023.3.5 is affected.
- Version 2023.1 and below 2024.1.4 is affected.
JetBrains DataSpell:
- Version 2023.1 and below 2023.1.6 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.6 is affected.
- Version 2023.1 and below 2024.1.2 is affected.
- Version 2023.1 and below 2024.2 EAP1 is affected.
JetBrains GoLand:
- Version 2023.1 and below 2023.1.6 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.7 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP3 is affected.
JetBrains MPS:
- Version 2023.1 and below 2023.2.1 is affected.
- Version 2023.1 and below 2023.3.1 is affected.
- Version 2023.1 and below 2024.1 EAP2 is affected.
JetBrains PhpStorm:
- Version 2023.1 and below 2023.1.6 is affected.
- Version 2023.1 and below 2023.2.6 is affected.
- Version 2023.1 and below 2023.3.7 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP3 is affected.
JetBrains PyCharm:
- Version 2023.1 and below 2023.1.6 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.6 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP2 is affected.
JetBrains Rider:
- Version 2023.1 and below 2023.1.7 is affected.
- Version 2023.1 and below 2023.2.5 is affected.
- Version 2023.1 and below 2023.3.6 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
JetBrains RubyMine:
- Version 2023.1 and below 2023.1.7 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.7 is affected.
- Version 2023.1 and below 2024.1.3 is affected.
- Version 2023.1 and below 2024.2 EAP4 is affected.
JetBrains RustRover:
- Before 2024.1.1 is affected.
JetBrains WebStorm:
- Version 2023.1 and below 2023.1.6 is affected.
- Version 2023.1 and below 2023.2.7 is affected.
- Version 2023.1 and below 2023.3.7 is affected.
- Version 2023.1 and below 2024.1.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.