CVE-2024-37051

{"id": "CVE-2024-37051", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@jetbrains.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-10T16:15:16.713", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240705-0004/", "source": "cve@jetbrains.com"}, {"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["Vendor Advisory"], "source": "cve@jetbrains.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240705-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@jetbrains.com", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"}, {"lang": "es", "value": "El token de acceso de GitHub podr\u00eda estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versi\u00f3n 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 "}], "lastModified": "2024-11-21T09:23:06.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62", "versionEndExcluding": "2024.1.2"}, {"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15", "versionEndExcluding": "2023.1.7"}, {"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B", "versionEndExcluding": "2023.2.4", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20", "versionEndExcluding": "2023.3.5", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49", "versionEndExcluding": "2023.2.4", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F", "versionEndExcluding": "2023.3.5", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6", "versionEndExcluding": "2024.1.4", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1", "versionEndExcluding": "2023.1.6"}, {"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4", "versionEndExcluding": "2023.3.6", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B", "versionEndExcluding": "2024.1.2", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E", "versionEndExcluding": "2023.1.6"}, {"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B", "versionEndExcluding": "2023.3.7", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B", "versionEndExcluding": "2023.1.7"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B", "versionEndExcluding": "2023.3.7", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C", "versionEndExcluding": "2023.2.1"}, {"criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272", "versionEndExcluding": "2023.1.6"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903", "versionEndExcluding": "2023.2.6", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC", "versionEndExcluding": "2023.3.7", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226", "versionEndExcluding": "2023.1.6"}, {"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB", "versionEndExcluding": "2023.3.6", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6", "versionEndExcluding": "2023.1.7"}, {"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF", "versionEndExcluding": "2023.2.5", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99", "versionEndExcluding": "2023.3.6", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92", "versionEndExcluding": "2023.1.7"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789", "versionEndExcluding": "2023.3.7", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3", "versionEndExcluding": "2024.1.3", "versionStartIncluding": "2024.1.0"}, {"criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58", "versionEndExcluding": "2024.1.1"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270", "versionEndExcluding": "2023.1.6"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F", "versionEndExcluding": "2023.2.7", "versionStartIncluding": "2023.2.0"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F", "versionEndExcluding": "2023.3.7", "versionStartIncluding": "2023.3.0"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A", "versionEndExcluding": "2024.1.4", "versionStartIncluding": "2024.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@jetbrains.com"}