GitHub access token compromise (CVE-2024-37051)

CVE-2024-37051 involves a newly discovered security vulnerability where GitHub access tokens are potentially exposed through JetBrains IDE products. Although there are no reported incidents yet, it still poses a significant risk to users of IntelliJ IDEA, Aqua, CLion, DataGrip, DataSpell, GoLand, MPS, PhpStorm, PyCharm, Rider, RubyMine, RustRover, and WebStorm. Attackers could leverage this vulnerability to gain unauthorized access to GitHub repositories. This is a zero-day vulnerability, making it highly critical and deserving of immediate attention.

Watch the full video on YouTube: CVE-2024-37051

CVE database technical details

CVE ID
CVE-2024-37051
Description
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Provider
JetBrains
CWE / problem types
CWE-522: Insufficiently Protected Credentials
Affected Software Versions
Vendor: JetBrains. Every entry has status "affected" and versionType "semver"; each product is listed with its starting version and the "lessThan" bound for each release line.
IntelliJ IDEA: from 2023.1; less than 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
Aqua: from 0; less than 2024.1.2
CLion: from 2023.1; less than 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2
DataGrip: from 2023.1; less than 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4
DataSpell: from 2023.1; less than 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1
GoLand: from 2023.1; less than 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
MPS: from 2023.1; less than 2023.2.1, 2023.3.1, 2024.1 EAP2
PhpStorm: from 2023.1; less than 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3
PyCharm: from 2023.1; less than 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2
Rider: from 2023.1; less than 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3
RubyMine: from 2023.1; less than 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4
RustRover: from 0; less than 2024.1.1
WebStorm: from 2023.1; less than 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Date Published
2024-06-10T15:58:06.021Z
Last Updated
2025-02-13T17:52:58.741Z