CVE-2024-37051

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
JetBrainsCNA
9.3 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
jetbrainsaqua
𝑥
< 2024.1.2
jetbrainsclion
𝑥
< 2023.1.7
jetbrainsclion
2023.2.0 ≤
𝑥
< 2023.2.4
jetbrainsclion
2023.3.0 ≤
𝑥
< 2023.3.5
jetbrainsclion
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsdatagrip
2023.1.0 ≤
𝑥
< 2023.1.3
jetbrainsdatagrip
2023.2.0 ≤
𝑥
< 2023.2.4
jetbrainsdatagrip
2023.3.0 ≤
𝑥
< 2023.3.5
jetbrainsdatagrip
2024.1.0 ≤
𝑥
< 2024.1.4
jetbrainsdataspell
𝑥
< 2023.1.6
jetbrainsdataspell
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainsdataspell
2023.3.0 ≤
𝑥
< 2023.3.6
jetbrainsdataspell
2024.1.0 ≤
𝑥
< 2024.1.2
jetbrainsgoland
𝑥
< 2023.1.6
jetbrainsgoland
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainsgoland
2023.3.0 ≤
𝑥
< 2023.3.7
jetbrainsgoland
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsintellij_idea
𝑥
< 2023.1.7
jetbrainsintellij_idea
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainsintellij_idea
2023.3.0 ≤
𝑥
< 2023.3.7
jetbrainsintellij_idea
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsmps
𝑥
< 2023.2.1
jetbrainsmps
2023.3.0
jetbrainsphpstorm
𝑥
< 2023.1.6
jetbrainsphpstorm
2023.2.0 ≤
𝑥
< 2023.2.6
jetbrainsphpstorm
2023.3.0 ≤
𝑥
< 2023.3.7
jetbrainsphpstorm
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainspycharm
𝑥
< 2023.1.6
jetbrainspycharm
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainspycharm
2023.3.0 ≤
𝑥
< 2023.3.6
jetbrainspycharm
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsrider
𝑥
< 2023.1.7
jetbrainsrider
2023.2.0 ≤
𝑥
< 2023.2.5
jetbrainsrider
2023.3.0 ≤
𝑥
< 2023.3.6
jetbrainsrider
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsrubymine
𝑥
< 2023.1.7
jetbrainsrubymine
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainsrubymine
2023.3.0 ≤
𝑥
< 2023.3.7
jetbrainsrubymine
2024.1.0 ≤
𝑥
< 2024.1.3
jetbrainsrustrover
𝑥
< 2024.1.1
jetbrainswebstorm
𝑥
< 2023.1.6
jetbrainswebstorm
2023.2.0 ≤
𝑥
< 2023.2.7
jetbrainswebstorm
2023.3.0 ≤
𝑥
< 2023.3.7
jetbrainswebstorm
2024.1.0 ≤
𝑥
< 2024.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20240705-0004/
https://www.jetbrains.com/privacy-security/issues-fixed/
https://security.netapp.com/advisory/ntap-20240705-0004/
https://www.jetbrains.com/privacy-security/issues-fixed/