PT-2024-37234 · Google+2 · Android Studio+3
Mai93 · Published 2024-06-18 · Updated 2025-09-08
CVE-2024-5899
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Bazel Plugin versions prior to 2024.06.04.0.2
Description:
When the Bazel Plugin for IntelliJ imports a project, whether through "import project" or "Auto import", the dialog asking the user to trust the project is not displayed. Both import paths call ProjectBuilder.createProject, which in turn calls ProjectManager.getInstance().createProject, a method intended for creating new projects, not importing existing ones.
Recommendations:
For versions prior to 2024.06.04.0.2, upgrade to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion, and Android Studio Bazel plugins.
Fix
Missing Authorization
RCE
Affected Products
Android Studio
Bazel Plugin
CLion
IntelliJ