Vulnerabilites related to JetBrains - WebStorm
Vulnerability from fkie_nvd
Published
2024-11-15 16:15
Modified
2025-01-31 14:37
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B96E2A6-9D64-4F5E-86B5-C4076E9FC009",
"versionEndExcluding": "2024.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script"
},
{
"lang": "es",
"value": "En JetBrains WebStorm anterior a la versi\u00f3n 2024.3, la ejecuci\u00f3n de c\u00f3digo en modo de proyecto no confiable era posible a trav\u00e9s del script de instalaci\u00f3n de definiciones de tipo"
}
],
"id": "CVE-2024-52555",
"lastModified": "2025-01-31T14:37:51.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-15T16:15:38.340",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-349"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 13:15
Modified
2024-11-21 06:06
Severity ?
Summary
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "591D5243-B8C3-439A-AFEA-10825881E613",
"versionEndExcluding": "2021.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects."
},
{
"lang": "es",
"value": "En JetBrains WebStorm versiones anteriores a 2021.1, una ejecuci\u00f3n de c\u00f3digo sin la confirmaci\u00f3n del usuario fue posible para proyectos que no eran confiable"
}
],
"id": "CVE-2021-31897",
"lastModified": "2024-11-21T06:06:27.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T13:15:12.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-10 16:15
Modified
2024-11-21 09:23
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jetbrains | aqua | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | clion | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | datagrip | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | dataspell | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | goland | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | intellij_idea | * | |
| jetbrains | mps | * | |
| jetbrains | mps | 2023.3.0 | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | phpstorm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | pycharm | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rider | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rubymine | * | |
| jetbrains | rustrover | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * | |
| jetbrains | webstorm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:aqua:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20608E8B-5B89-41AC-BDF9-1B78BA4CDE62",
"versionEndExcluding": "2024.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC5C849-5663-4040-A967-D82B67588F15",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394A2D3B-C1D5-4942-A6B3-326DA6E4586B",
"versionEndExcluding": "2023.2.4",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB121B1D-34B9-4C08-8652-4791E7B92C20",
"versionEndExcluding": "2023.3.5",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177F5831-420A-4EC7-8520-79BEA7DC91A1",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B34B-DD62-4076-B965-D784F28361F1",
"versionEndExcluding": "2023.1.3",
"versionStartIncluding": "2023.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8371359A-BCB7-40E6-BE71-16E107288E49",
"versionEndExcluding": "2023.2.4",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2E54A2-FCAF-451D-87D2-70F9D4DC5C5F",
"versionEndExcluding": "2023.3.5",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "198ED5D0-C88D-4AFA-9E15-9934C66650F6",
"versionEndExcluding": "2024.1.4",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD714D72-765A-4C2B-A1EA-ED79681DF0A1",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D60572-17BB-4F5C-96E2-41482F0312DA",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "249CCE69-467E-4181-B114-4BE2566CFAC4",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2523C4F3-39A5-4FCA-90CA-3B121460733B",
"versionEndExcluding": "2024.1.2",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8C3F6C-4CAD-4AFC-9625-7CDD5AB2472E",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FA39DB-F6A1-4213-A0BF-37A1FFC56CF2",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F7AE04-C3B2-4700-89C2-64FFD59C313B",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB43612E-FD6C-4220-8B11-336B4F2AF1ED",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B29A0AC-82A9-4E3B-A425-CE60024A0B2B",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3284FF4C-73B4-41B8-8F68-AF8DD234DDB6",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D4B44F-9182-437D-8E69-FDE818F7921B",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF21B58-29E9-4446-A27A-BB12C7C311E9",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:mps:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B284C2E0-4CE1-49BA-9AEF-8B0B5D6CB33C",
"versionEndExcluding": "2023.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:mps:2023.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1342D0F0-35E1-42B6-8D0B-95D2C6E5E348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC207EA-07BE-403B-B759-900F3EE90272",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DF05BF-A5E6-4BCF-B806-BD4E73D4D903",
"versionEndExcluding": "2023.2.6",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A47B15-DA71-48AE-8AA0-B9BA68F20AFC",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07D8FF11-75BC-4802-8414-7A132D929040",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21BB4064-431B-4D86-9C48-D2AC47E37226",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2CF5D2-0BC4-43F2-BC49-CB3F3641B9E1",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394B00FC-FBA7-40FE-8082-28C662692ECB",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55365AC-1F86-4EDF-BB75-0AD048E6BE21",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5658AA-5223-4E63-BB1F-9584C614CBE6",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC318D9-7713-42E1-BD17-B3A569F356EF",
"versionEndExcluding": "2023.2.5",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5525193-53E0-42B5-87CD-DDABBFBCBD99",
"versionEndExcluding": "2023.3.6",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E62FF44C-C639-4751-A512-9A88E7D16982",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88E44A7-4F55-47DD-8B45-33FA50FF4D92",
"versionEndExcluding": "2023.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "017D5DBB-AD63-4B95-86BD-A1425EB4D881",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "091F7E8D-18F9-47BA-9DC9-96245DF10789",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC255F-9ECC-4B41-A8BA-0F70792823A3",
"versionEndExcluding": "2024.1.3",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA65266-C23F-403C-AD23-59096B41AD58",
"versionEndExcluding": "2024.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6367B0C-9050-4BDC-9D26-80C251FC3270",
"versionEndExcluding": "2023.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA57E3D7-80D1-420F-9FA7-2D503626027F",
"versionEndExcluding": "2023.2.7",
"versionStartIncluding": "2023.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D60460C9-6913-441E-99BE-19EB4459836F",
"versionEndExcluding": "2023.3.7",
"versionStartIncluding": "2023.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1720820F-2FB4-4AAC-A139-CF7C493A751A",
"versionEndExcluding": "2024.1.4",
"versionStartIncluding": "2024.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
},
{
"lang": "es",
"value": "El token de acceso de GitHub podr\u00eda estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versi\u00f3n 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 "
}
],
"id": "CVE-2024-37051",
"lastModified": "2024-11-21T09:23:06.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-10T16:15:16.713",
"references": [
{
"source": "cve@jetbrains.com",
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
},
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-25 15:15
Modified
2024-11-21 06:33
Severity ?
Summary
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jetbrains | clion | 2021.3.1 | |
| jetbrains | goland | 2021.3.1 | |
| jetbrains | intellij_idea | 2021.3.1 | |
| jetbrains | intellij_idea | 2021.3.1 | |
| jetbrains | phpstorm | 2021.3.1 | |
| jetbrains | phpstorm | 2021.3.1 | |
| jetbrains | pycharm | 2021.3.1 | |
| jetbrains | rubymine | 2021.3.1 | |
| jetbrains | rubymine | 2021.3.1 | |
| jetbrains | webstorm | 2021.3.1 | |
| jetbrains | webstorm | 2021.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:clion:2021.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7905F91F-C635-4247-9035-2A925D81DAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:goland:2021.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1580A59C-98A3-4364-8CE6-446978717DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:preview:*:*:*:*:*:*",
"matchCriteriaId": "58106DEB-A207-419E-BC7D-3314A183933C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "B9BFA1D8-88E8-4FAE-8AA1-E6B5A1A2B116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:2021.3.1:preview:*:*:*:*:*:*",
"matchCriteriaId": "FC94D4DD-BF03-4AC0-BC09-AFC0A610EAC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:phpstorm:2021.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "0F0AAD1A-350D-4C05-851F-336B002D7625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:pycharm:2021.3.1:2021.3.1:*:*:professional:*:*:*",
"matchCriteriaId": "863E231E-BA8B-4AFF-93B5-AC4B6ED77DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:2021.3.1:preview:*:*:*:*:*:*",
"matchCriteriaId": "53907452-7757-478A-BB2C-6BC6D71021BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rubymine:2021.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "EA1040E6-253E-4B28-9742-D0ECC253BF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:2021.3.1:preview:*:*:*:*:*:*",
"matchCriteriaId": "6C1FC666-E2B2-4A7A-8D85-D5B9BDF7CA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:2021.3.1:rc:*:*:*:*:*:*",
"matchCriteriaId": "EE80631A-58C8-41B0-A64C-EA4BACB4DB5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."
},
{
"lang": "es",
"value": "JetBrains IntelliJ IDEA versi\u00f3n 2021.3.1 Preview, IntelliJ IDEA versi\u00f3n 2021.3.1 RC, PyCharm Professional versi\u00f3n 2021.3.1 RC, GoLand versi\u00f3n 2021.3.1, PhpStorm versi\u00f3n 2021.3.1 Preview, PhpStorm versi\u00f3n 2021.3.1 RC, RubyMine versi\u00f3n 2021. 3.1 Preview, RubyMine versi\u00f3n 2021.3.1 RC, CLion versi\u00f3n 2021.3.1, WebStorm versi\u00f3n 2021.3.1 Preview, y WebStorm versi\u00f3n 2021.3.1 RC (usados como IDEs de desarrollo remoto) son enlazados a la direcci\u00f3n IP 0.0.0.0. Las versiones fijas son: IntelliJ IDEA versi\u00f3n 2021.3.1, PyCharm Professional versi\u00f3n 2021.3.1, GoLand versi\u00f3n 2021.3.2, PhpStorm versi\u00f3n 2021.3.1 (213.6461.83), RubyMine versi\u00f3n 2021.3.1, CLion versi\u00f3n 2021.3.2, y WebStorm versi\u00f3n 2021.3.1."
}
],
"id": "CVE-2021-45977",
"lastModified": "2024-11-21T06:33:24.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-25T15:15:09.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://jetbrains.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jetbrains.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 13:15
Modified
2024-11-21 06:06
Severity ?
Summary
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "591D5243-B8C3-439A-AFEA-10825881E613",
"versionEndExcluding": "2021.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS."
},
{
"lang": "es",
"value": "En JetBrains WebStorm versiones anteriores a 2021.1, fueron usados peticiones HTTP en lugar de HTTPS"
}
],
"id": "CVE-2021-31898",
"lastModified": "2024-11-21T06:06:27.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T13:15:12.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-45977 (GCVE-0-2021-45977)
Vulnerability from cvelistv5
Published
2022-02-25 14:36
Modified
2024-08-04 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetbrains.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T14:36:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetbrains.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jetbrains.com",
"refsource": "MISC",
"url": "https://jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45977",
"datePublished": "2022-02-25T14:36:13",
"dateReserved": "2022-01-01T00:00:00",
"dateUpdated": "2024-08-04T04:54:31.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37051 (GCVE-0-2024-37051)
Vulnerability from cvelistv5
Published
2024-06-10 15:58
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | JetBrains | IntelliJ IDEA |
Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:aqua:2024.1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqua",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2_eap2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rustrover:2024.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rustrover",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T03:55:09.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aqua",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLion",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataGrip",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataSpell",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GoLand",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MPS",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PhpStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PyCharm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RubyMine",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RustRover",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T16:06:01.631Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-37051",
"datePublished": "2024-06-10T15:58:06.021Z",
"dateReserved": "2024-05-31T14:05:53.462Z",
"dateUpdated": "2025-02-13T17:52:58.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52555 (GCVE-0-2024-52555)
Vulnerability from cvelistv5
Published
2024-11-15 15:05
Modified
2024-11-15 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T18:55:09.689738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T18:56:12.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:05:03.874Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-52555",
"datePublished": "2024-11-15T15:05:03.874Z",
"dateReserved": "2024-11-13T15:25:18.383Z",
"dateUpdated": "2024-11-15T18:56:12.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31897 (GCVE-0-2021-31897)
Vulnerability from cvelistv5
Published
2021-05-11 12:19
Modified
2024-08-03 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:19:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31897",
"datePublished": "2021-05-11T12:19:47",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31898 (GCVE-0-2021-31898)
Vulnerability from cvelistv5
Published
2021-05-11 12:18
Modified
2024-08-03 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:18:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31898",
"datePublished": "2021-05-11T12:18:20",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}