PT-2024-4040 · Jetbrains · Phpstorm+12

Published: 2024-06-10 · Updated: 2024-07-10 · CVE-2024-37051

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains IntelliJ IDEA: 2023.1 through 2023.1.7; 2023.2 through 2023.2.7; 2023.3 through 2023.3.7; 2024.1.3; 2024.2 EAP3
JetBrains Aqua: 2024.1.2
JetBrains CLion: 2023.1 through 2023.1.7; 2023.2 through 2023.2.4; 2023.3 through 2023.3.5; 2024.1.3; 2024.2 EAP2
JetBrains DataGrip: 2023.1 through 2023.1.3; 2023.2 through 2023.2.4; 2023.3 through 2023.3.5; 2024.1.4
JetBrains DataSpell: 2023.1 through 2023.1.6; 2023.2 through 2023.2.7; 2023.3 through 2023.3.6; 2024.1.2; 2024.2 EAP1
JetBrains GoLand: 2023.1 through 2023.1.6; 2023.2 through 2023.2.7; 2023.3 through 2023.3.7; 2024.1.3; 2024.2 EAP3
JetBrains MPS: 2023.2 through 2023.2.1; 2023.3 through 2023.3.1; 2024.1 EAP2
JetBrains PhpStorm: 2023.1 through 2023.1.6; 2023.2 through 2023.2.6; 2023.3 through 2023.3.7; 2024.1.3; 2024.2 EAP3
JetBrains PyCharm: 2023.1 through 2023.1.6; 2023.2 through 2023.2.7; 2023.3 through 2023.3.6; 2024.1.3; 2024.2 EAP2
JetBrains Rider: 2023.1 through 2023.1.7; 2023.2 through 2023.2.5; 2023.3 through 2023.3.6; 2024.1.3
JetBrains RubyMine: 2023.1 through 2023.1.7; 2023.2 through 2023.2.7; 2023.3 through 2023.3.7; 2024.1.3; 2024.2 EAP4
JetBrains RustRover: 2024.1.1
JetBrains WebStorm: 2023.1 through 2023.1.6; 2023.2 through 2023.2.7; 2023.3 through 2023.3.7; 2024.1.4
Description
The issue stems from insufficient protection of credentials: a remote attacker who obtains a GitHub access token can gain elevated privileges. The vulnerability affects a range of JetBrains IDEs, including IntelliJ IDEA, CLion, DataGrip, DataSpell, GoLand, MPS, PhpStorm, PyCharm, Rider, RubyMine, RustRover, and WebStorm. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.
Recommendations
Update IntelliJ IDEA to version 2023.1.8 or later.
Update CLion to version 2023.1.8 or later.
Update DataGrip to version 2023.1.4 or later.
Update DataSpell to version 2023.1.7 or later.
Update GoLand to version 2023.1.7 or later.
Update MPS to version 2023.2.2 or later.
Update PhpStorm to version 2023.1.7 or later.
Update PyCharm to version 2023.1.7 or later.
Update Rider to version 2023.1.8 or later.
Update RubyMine to version 2023.1.8 or later.
Update RustRover to version 2024.1.2 or later.
Update WebStorm to version 2023.1.7 or later.
As a temporary workaround, consider disabling the GitHub plugin in the affected IDEs until a patch is available. Restrict access to the GitHub token storage to minimize the risk of exploitation. Avoid using the GitHub token variable in the affected API endpoints until the issue is resolved.
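As an added example (not code from the advisory publisher or from JetBrains), the script below encodes the affected ranges listed above and reports which entries of an installed-IDE inventory fall inside them, so an administrator can decide which installations the update recommendations apply to. The version parser, the rule that an EAP build sorts before the release it precedes, and the sample inventory are this example's own assumptions; only the ranges themselves come from the advisory.

```python
"""Triage installed JetBrains IDE versions against the CVE-2024-37051 ranges.

Added illustration, not the advisory publisher's or JetBrains' code. The
AFFECTED table is copied from the advisory; parsing and comparison rules
are assumptions made for this example.
"""
import re

# Affected ranges per product, copied from the advisory above.
# Each entry is (first_affected, last_affected), both inclusive; a single
# affected build is written with both bounds equal.
AFFECTED = {
    "IntelliJ IDEA": [("2023.1", "2023.1.7"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.7"),
                      ("2024.1.3", "2024.1.3"), ("2024.2 EAP3", "2024.2 EAP3")],
    "Aqua": [("2024.1.2", "2024.1.2")],
    "CLion": [("2023.1", "2023.1.7"), ("2023.2", "2023.2.4"), ("2023.3", "2023.3.5"),
              ("2024.1.3", "2024.1.3"), ("2024.2 EAP2", "2024.2 EAP2")],
    "DataGrip": [("2023.1", "2023.1.3"), ("2023.2", "2023.2.4"), ("2023.3", "2023.3.5"),
                 ("2024.1.4", "2024.1.4")],
    "DataSpell": [("2023.1", "2023.1.6"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.6"),
                  ("2024.1.2", "2024.1.2"), ("2024.2 EAP1", "2024.2 EAP1")],
    "GoLand": [("2023.1", "2023.1.6"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.7"),
               ("2024.1.3", "2024.1.3"), ("2024.2 EAP3", "2024.2 EAP3")],
    "MPS": [("2023.2", "2023.2.1"), ("2023.3", "2023.3.1"), ("2024.1 EAP2", "2024.1 EAP2")],
    "PhpStorm": [("2023.1", "2023.1.6"), ("2023.2", "2023.2.6"), ("2023.3", "2023.3.7"),
                 ("2024.1.3", "2024.1.3"), ("2024.2 EAP3", "2024.2 EAP3")],
    "PyCharm": [("2023.1", "2023.1.6"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.6"),
                ("2024.1.3", "2024.1.3"), ("2024.2 EAP2", "2024.2 EAP2")],
    "Rider": [("2023.1", "2023.1.7"), ("2023.2", "2023.2.5"), ("2023.3", "2023.3.6"),
              ("2024.1.3", "2024.1.3")],
    "RubyMine": [("2023.1", "2023.1.7"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.7"),
                 ("2024.1.3", "2024.1.3"), ("2024.2 EAP4", "2024.2 EAP4")],
    "RustRover": [("2024.1.1", "2024.1.1")],
    "WebStorm": [("2023.1", "2023.1.6"), ("2023.2", "2023.2.7"), ("2023.3", "2023.3.7"),
                 ("2024.1.4", "2024.1.4")],
}

# Accepts "2023.2.7" or "2024.2 EAP3" (assumed version formats).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:\s+EAP(\d+))?$")


def parse_version(text):
    """Turn a version string into a tuple that compares in release order.

    Result: (numeric parts padded to three fields, eap_rank, eap_number).
    An EAP build gets rank 0 and a release rank 1, so (assumed ordering)
    '2024.2 EAP3' < '2024.2' < '2024.2.1'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # "2023.1" compares as 2023.1.0
    if m.group(2) is not None:
        return (tuple(nums), 0, int(m.group(2)))
    return (tuple(nums), 1, 0)


def is_affected(product, version):
    """True if `version` of `product` lies inside an advisory range."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED[product])


def _split_inventory_line(line):
    """Split 'IntelliJ IDEA 2023.3.8' into product and version (longest name wins)."""
    for name in sorted(AFFECTED, key=len, reverse=True):
        if line.startswith(name + " "):
            return name, line[len(name) + 1:].strip()
    raise ValueError(f"unknown product in inventory line: {line!r}")


def triage(inventory_text):
    """Return the (product, version) pairs of an inventory that need updating."""
    hits = []
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        product, version = _split_inventory_line(line)
        if is_affected(product, version):
            hits.append((product, version))
    return hits


# Constructed sample inventory (not real data), one installed IDE per line.
SAMPLE_INVENTORY = """\
PyCharm 2023.2.5
PyCharm 2023.1.7
IntelliJ IDEA 2023.3.8
WebStorm 2024.1.4
CLion 2024.2 EAP2
CLion 2024.2
RustRover 2024.1.2
"""

if __name__ == "__main__":
    for product, version in triage(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {product} {version}")
```

Inventory lines that fall outside every listed range (for instance a 2023.1 build at or above the update version named in the recommendations) are reported as clean; anything the table does not list is deliberately not guessed at.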

Weakness Enumeration: Insufficiently Protected Credentials

Related Identifiers

BDU:2024-04477
CVE-2024-37051

Affected Products

Aqua
CLion
DataGrip
DataSpell
GoLand
IntelliJ IDEA
MPS
PhpStorm
PyCharm
Rider
RubyMine
RustRover
WebStorm