PT-2024-1694 · JetBrains · JetBrains IntelliJ IDEA
Published: 2024-02-06 · Updated: 2024-02-09
CVE-2024-24941
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains IntelliJ IDEA versions prior to 2023.3.3
Description
The issue exists due to insufficient input validation in the authentication token handler component of the integrated development environment. This could allow a remote attacker to send an authentication token to an arbitrary URL.
Recommendations
For versions prior to 2023.3.3, update to version 2023.3.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the plugin for JetBrains Space until a patch is available.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
JetBrains IntelliJ IDEA