CVE-2024-37051: Cyber bandits steal GitHub tokens via IntelliJ IDEA

Tomcat

How did a popular development environment become an entry point for further compromise?

JetBrains is urging users to update their IntelliJ IDEA integrated development environments to address a critical vulnerability that can expose GitHub access tokens.

The CVE-2024-37051 vulnerability affects all IntelliJ-based IDEs starting from version 2023.1, provided the JetBrains GitHub plugin is enabled and in use. On May 29, 2024, JetBrains received an external report of a potential threat affecting the Pull Request functionality in the IDE.

Ilya Pleskunin, head of the JetBrains security support team, said: "Malicious content in the Pull Request to the GitHub project, processed by the IntelliJ-based IDE, can lead to access tokens being leaked to a third-party host."

JetBrains has released security updates for all affected IDE versions (2023.1 and later). The vulnerable JetBrains GitHub plugin has also been updated and removed from the official store.

The full list of fixed versions of the IntelliJ-based IDE includes:
  • Aqua: 2024.1.2;
  • CLion: 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2;
  • DataGrip: 2024.1.4;
  • DataSpell: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2;
  • GoLand: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3;
  • IntelliJ IDEA: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3;
  • MPS: 2023.2.1, 2023.3.1, 2024.1 EAP2;
  • PhpStorm: 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3;
  • PyCharm: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2;
  • Rider: 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3;
  • RubyMine: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4;
  • RustRover: 2024.1.1;
  • WebStorm: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4;

Pleskunin strongly recommends updating to the latest versions. JetBrains has also contacted GitHub to minimize the impact. Because of the security measures that were introduced, the plugin may no longer work correctly in older versions of the IDE.

JetBrains strongly advises users who have actively used the GitHub Pull Request functionality in the IntelliJ IDE to revoke all GitHub tokens used by the affected plugin. This will help prevent malicious users from accessing linked GitHub accounts, even if two-factor authentication is enabled.

If you are using OAuth integration or Personal Access Token (PAT), you should also revoke access for the JetBrains IDE Integration app and delete the integration token of the IntelliJ IDEA GitHub plugin.

Pleskunin explained: "After revoking the token, you will need to re-configure the plugin, as all its functions, including Git operations, will stop working."

In February, JetBrains also warned users about a critical authentication bypass vulnerability that allowed attackers to gain administrator rights and take control of vulnerable TeamCity On-Premises servers. And a little later, the company even became involved in a scandal related to a very controversial vulnerability disclosure policy.