JetBrains Product Security Update Advisory

Overview

 

JetBrains has released an update to address vulnerabilities in their products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-37051

• Aqua
  • 2024.up to 1.2 (excluded)
• CLion
  • 2023.up to 1.7 (excluded)
  • 2023.2.0 (inclusive) ~ 2023.2.4 (excluded)
  • 2023.from 3.0 (inclusive) ~ 2023.3.5 (excluded)
  • 2024.1.0 (inclusive) ~ 2024.1.3 (excluded)
• DataGrip
  • 2023.from 1.0 (inclusive) ~ 2023.1.3 (excluded)
  • 2023.from 2.0 (inclusive) ~ 2023.2.4 (excluded)
  • 2023.from 3.0 (inclusive) ~ 2023.3.5 (excluded)
  • 2024.from 1.0 (inclusive) ~ 2024.1.4 (excluded)
• DataSpell
  • ~ 2023.1.6 (excluded)
  • 2023.2.0 (inclusive) ~ 2023.2.7 (excluded)
  • 2023.3.0 (inclusive) ~ 2023.3.6 (excluded)
  • 2024.1.0 (inclusive) ~ 2024.1.2 (excluded)
• GoLand
  • ~ 2023.1.6 (excluded)
  • 2023.2.0 (inclusive) ~ 2023.2.7 (excluded)
  • 2023.3.0 (inclusive) ~ 2023.3.7 (excluded)
  • 2024.1.0 (inclusive) ~ 2024.1.3 (excluded)
• IntelliJ IDEA
  • ~ 2023.1.7 (excluded)
  • 2023.from 2.0 (inclusive) ~ 2023.2.7 (excluded)
  • 2023.from 3.0 (inclusive) ~ 2023.3.7 (excluded)
  • 2024.from 1.0 (inclusive) ~ 2024.1.3 (excluded)
• MPS
  • ~ 2023.2.1 (excluded)
• PhpStorm
  • ~ 2023.1.6 (excluded)
  • 2023.2.0 (inclusive) ~ 2023.2.6 (excluded)
  • 2023.3.0 (inclusive) ~ 2023.3.7 (excluded)
  • 2024.1.0 (inclusive) ~ 2024.1.3 (excluded)
• PyCharm
  • ~ 2023.1.6 (excluded)
  • 2023.2.0 (inclusive) ~ 2023.2.7 (excluded)
  • 2023.3.0 (inclusive) ~ 2023.3.6 (excluded)
  • 2024.1.0 (inclusive) ~ 2024.1.3 (excluded)
• Rider
  • ~ 2023.1.7 (excluded)
  • 2023.2.0 ~ 2023.2.5 (excluded)
  • 2023.3.0 ~ 2023.3.6 (excluded)
  • 2024.1.0 ~ 2024.1.3 (excluded)
• RubyMine
  • ~ 2023.1.7 (excluded)
  • 2023.2.0 ~ 2023.2.7 (excluded)
  • 2023.3.0 ~ 2023.3.7 (excluded)
  • 2024.1.0 ~ 2024.1.3 (excluded)
• RustRover
  • ~ 2024.1.1 (excluded)
• WebStorm
  • ~ 2023.1.6 (excluded)
  • 2023.2.0 ~ 2023.2.7 (excluded)
  • 2023.3.0 ~ 2023.3.7 (excluded)
  • 2024.1.0 ~ 2024.1.4 (excluded)

 

Resolved Vulnerabilities

 

Access Token exposure vulnerability in the JetBrains GitHub plugin for IntelliJ-based IDEs (CVE-2024-37051) [2][3]

• Aqua
  • 12.6(2) ES03
• CLion
  • 2023.1.7
  • 2023.2.4
  • 2023.3.5
  • 2024.1.3
  • 2024.2 EAP2
• DataGrip
  • 2023.1.3
  • 2023.2.4
  • 2023.3.5
  • 2024.1.4
• DataSpell
  • 2023.1.6
  • 2023.2.7
  • 2023.3.6
  • 2024.1.2
  • 2024.2 EAP1
• GoLand
  • 2023.1.6
  • 2023.2.7
  • 2023.3.7
  • 2024.1.3
  • 2024.2 EAP3
• IntelliJ IDEA
  • 2023.1.7
  • 2023.2.7
  • 2023.3.7
  • 2024.1.3
  • 2024.2 EAP3
• MPS
  • 2023.2.1
  • 2023.3.1
  • 2024.1 EAP2
• PhpStorm
  • 2023.1.6
  • 2023.2.6
  • 2023.3.7
  • 2024.1.3
  • 2024.2 EAP3
• PyCharm
  • 2023.1.6
  • 2023.2.7
  • 2023.3.6
  • 2024.1.3
  • 2024.2 EAP2
• Rider
  • 2023.1.7
  • 2023.2.5
  • 2023.3.6
  • 2024.1.3
• RubyMine
  • 2023.1.7
  • 2023.2.7
  • 2023.3.7
  • 2024.1.3
  • 2024.2 EAP4
• RustRover
  • 2024.1.1
• WebStorm
  • 2023.1.6
  • 2023.2.7
  • 2023.3.7
  • 2024.1.4

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

 

Referenced Sites

 

[1] https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/

[2] https://www.jetbrains.com/privacy-security/issues-fixed/

[3] https://nvd.nist.gov/vuln/detail/CVE-2024-37051