CVE-2024-5899

{"id": "CVE-2024-5899", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-06-18T09:15:09.767", "references": [{"url": "https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable", "tags": ["Release Notes"], "source": "cve-coordination@google.com"}, {"url": "https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg", "tags": ["Vendor Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "When Bazel Plugin in intellij imports a project (either using \"import project\" or \"Auto import\") the dialog for trusting the project is not displayed.\u00a0This comes from the fact that both call the method ProjectBuilder.createProject\u00a0which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.\u00a0\nWe recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins."}, {"lang": "es", "value": "Cuando Bazel Plugin en intellij importa un proyecto (ya sea usando \"importar proyecto\" o \"Importar autom\u00e1ticamente\"), no se muestra el cuadro de di\u00e1logo para confiar en el proyecto. Esto se debe al hecho de que ambos llaman al m\u00e9todo ProjectBuilder.createProject, que luego llama a ProjectManager.getInstance().createProject. Este m\u00e9todo, como su nombre indica, est\u00e1 destinado a crear un nuevo proyecto, no a importar uno existente. Recomendamos actualizar a la versi\u00f3n 2024.06.04.0.2 o posterior para los complementos IntelliJ, CLion y Android Studio Bazel."}], "lastModified": "2025-07-23T15:00:34.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:bazel_for_android_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE67B43C-78F7-4868-926D-D920C4AB0834", "versionEndExcluding": "2024.06.04.0.2"}, {"criteria": "cpe:2.3:a:google:bazel_for_clion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B7AB8DA-017F-463F-AF23-49CDBD4CC756", "versionEndExcluding": "2024.06.04.0.2"}, {"criteria": "cpe:2.3:a:google:bazel_for_intellij:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE5DB19D-DAC5-48AE-A248-77C42B350DF4", "versionEndExcluding": "2024.06.04.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}