Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-37051
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
JetBrains 多款集成开发环境安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JetBrains IntelliJ IDEA等都是捷克JetBrains公司的产品。JetBrains IntelliJ IDEA是一套适用于Java语言的集成开发环境。JetBrains PyCharm是一款针对Python语言的集成开发环境(IDE)。JetBrains PhpStorm是一个应用软件。 JetBrains多个产品存在安全漏洞,该漏洞源于GitHub访问令牌可能会暴露给第三方网站。以下产品受到影响:JetBrains IntelliJ IDEA、Aqua、CLion、DataGrip
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
JetBrainsIntelliJ IDEA 2023.1 ~ 2023.1.7 -
JetBrainsAqua 0 ~ 2024.1.2 -
JetBrainsCLion 2023.1 ~ 2023.1.7 -
JetBrainsDataGrip 2023.1 ~ 2023.1.3 -
JetBrainsDataSpell 2023.1 ~ 2023.1.6 -
JetBrainsGoLand 2023.1 ~ 2023.1.6 -
JetBrainsMPS 2023.1 ~ 2023.2.1 -
JetBrainsPhpStorm 2023.1 ~ 2023.1.6 -
JetBrainsPyCharm 2023.1 ~ 2023.1.6 -
JetBrainsRider 2023.1 ~ 2023.1.7 -
JetBrainsRubyMine 2023.1 ~ 2023.1.7 -
JetBrainsRustRover 0 ~ 2024.1.1 -
JetBrainsWebStorm 2023.1 ~ 2023.1.6 -
II. Public POCs for CVE-2024-37051
#POC DescriptionSource LinkShenlong Link
1CVE-2024-37051 poc and exploithttps://github.com/LeadroyaL/CVE-2024-37051-EXPPOC Details
2Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)https://github.com/mrblackstar26/CVE-2024-37051POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-37051
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: IntelliJ IDEA
Same vendor: JetBrains
Same weakness: CWE-522
V. Comments for CVE-2024-37051

No comments yet

Leave a comment