CRITICAL VULNERABILITY IN JETBRAINS INTELLIJ-BASED IDE & JETBRAINS GITHUB PLUGIN
CVE-2024-37051
CVSS 9.3 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
Sources
Risks
GitHub access tokens could be exposed to third-party sites in JetBrains IDEs, which could lead to unauthorised access to code repositories and therefore poses a supply chain risk.
Update 13/06/2024: A proof of concept is available. The Centre for Cybersecurity Belgium assesses that exploitation is likely to take place in the future.
The Centre for Cybersecurity Belgium (CCB) recommends that system administrators patch vulnerable systems as soon as possible and follow the additional measures recommended by the vendor. Analyse system and network logs for any suspicious activity. This report contains instructions to help your organisation.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
Description
A GitHub access token could be exposed to third-party sites in JetBrains IDEs.
The issue affects all IntelliJ-based IDEs from version 2023.1 onwards that have the JetBrains GitHub plugin enabled, configured and in use. The issue is now resolved, and a fix has been provided for all IDEs based on the IntelliJ Platform from version 2023.1 onwards:
- Aqua: 2024.1.2
- CLion: 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2
- DataGrip: 2024.1.4
- DataSpell: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2
- GoLand: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
- IntelliJ IDEA: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
- MPS: 2023.2.1, 2023.3.1, 2024.1 EAP2
- PhpStorm: 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3
- PyCharm: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2
- Rider: 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3
- RubyMine: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4
- RustRover: 2024.1.1
- WebStorm: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
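To turn the list above into an inventory check, the following example (added here, not CCB's or JetBrains' own tooling) parses a JetBrains version string and reports whether an installed IDE is below the fixed build of its release line. The fixed versions are copied from the advisory; the ordering rule that an EAP build ranks below any final release of the same line is an assumption, and a release line the advisory lists no fix for is reported as "unknown_branch" and should be treated as vulnerable until verified.

```python
import re

# Fixed versions per product, copied from the advisory above.
FIXED = {
    "Aqua": ["2024.1.2"],
    "CLion": ["2023.1.7", "2023.2.4", "2023.3.5", "2024.1.3", "2024.2 EAP2"],
    "DataGrip": ["2024.1.4"],
    "DataSpell": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.2"],
    "GoLand": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.3", "2024.2 EAP3"],
    "IntelliJ IDEA": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3", "2024.2 EAP3"],
    "MPS": ["2023.2.1", "2023.3.1", "2024.1 EAP2"],
    "PhpStorm": ["2023.1.6", "2023.2.6", "2023.3.7", "2024.1.3", "2024.2 EAP3"],
    "PyCharm": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.3", "2024.2 EAP2"],
    "Rider": ["2023.1.7", "2023.2.5", "2023.3.6", "2024.1.3"],
    "RubyMine": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3", "2024.2 EAP4"],
    "RustRover": ["2024.1.1"],
    "WebStorm": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.4"],
}

# year.minor[.patch][ EAPn], e.g. "2023.2.7" or "2024.2 EAP3"
VERSION_RE = re.compile(r"^(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*EAP\s*(\d+))?$")


def parse(version):
    """Return (branch, key): branch is (year, minor); key orders builds within
    that branch. Assumption: an EAP build sorts below every final release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised JetBrains version: {version!r}")
    year, minor, patch, eap = m.groups()
    branch = (int(year), int(minor))
    if eap is not None:
        return branch, (0, int(eap))        # EAP build
    return branch, (1, int(patch or 0))     # final release; "2023.2" == 2023.2.0


def status(product, installed):
    """'not_affected' (before 2023.1), 'fixed', 'vulnerable', or 'unknown_branch'
    (no fixed build listed for that release line: treat as vulnerable)."""
    branch, key = parse(installed)
    if branch < (2023, 1):
        return "not_affected"
    for fixed in FIXED[product]:
        fbranch, fkey = parse(fixed)
        if fbranch == branch:
            return "fixed" if key >= fkey else "vulnerable"
    return "unknown_branch"


if __name__ == "__main__":
    for p, v in [("IntelliJ IDEA", "2023.2.5"), ("PyCharm", "2024.1.3"), ("Rider", "2022.3.2")]:
        print(f"{p} {v}: {status(p, v)}")
```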
Recommended Actions
Patch
The CCB strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.
The CCB also strongly recommends following the additional mitigation recommended by the vendor: revoke the access tokens used by the vulnerable GitHub plugin.
The latest version of the affected products can be found on the vendor's website:
Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.