CVE-2021-45977
📋 TL;DR
This vulnerability in JetBrains IDEs used as Remote Development backends causes them to bind to all network interfaces (0.0.0.0) instead of localhost only, exposing development environments to unauthorized network access. It affects users running specific preview/RC versions of JetBrains IDEs in remote development mode. The CVSS 9.8 score indicates critical severity due to potential unauthorized access to development environments.
💻 Affected Systems
- IntelliJ IDEA
- PyCharm Professional
- GoLand
- PhpStorm
- RubyMine
- CLion
- WebStorm
📦 What is this software?
CLion by JetBrains
GoLand by JetBrains
IntelliJ IDEA by JetBrains
PhpStorm by JetBrains
PyCharm by JetBrains
RubyMine by JetBrains
WebStorm by JetBrains
⚠️ Risk & Real-World Impact
Worst Case
Unauthenticated attackers on the same network could gain full access to the development environment, potentially stealing source code, credentials, and executing arbitrary code.
Likely Case
Someone on the same network connects to the exposed backend port and can view or modify project files, or use the tools the IDE integrates, without any credential check.
If Mitigated
Exposure is limited when a host or network firewall blocks the backend port from outside, but hosts on the same segment can still reach it unless the rule covers them too.
🎯 Exploit Status
Exploitation requires network access to the exposed service. No authentication needed if service is reachable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, WebStorm 2021.3.1
Vendor Advisory: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/
Restart Required: Yes
Instructions:
1. Open the affected IDE.
2. Go to Help > Check for Updates.
3. Install the available update.
4. Restart the IDE.
5. Confirm in Help > About that the version matches the fixed version listed above for that product.
🔧 Temporary Workarounds
Network Firewall Restriction
Block inbound access to the IDE's listening port(s) with a host or network firewall, leaving loopback traffic alone so the local client still works
# Linux (exclude the loopback interface, otherwise the rule also breaks local use; -I puts it ahead of existing ACCEPT rules):
#   iptables -I INPUT ! -i lo -p tcp --dport [IDE_PORT] -j DROP
# Windows:
#   netsh advfirewall firewall add rule name="Block JetBrains IDE" dir=in action=block protocol=TCP localport=[IDE_PORT]
Bind to Localhost Only
The fix makes the backend bind to 127.0.0.1 instead of all interfaces. The vendor bulletin does not document a configuration key that forces this on an affected build, so treat this item as something to verify rather than a guaranteed workaround
# Check what address the backend is listening on: 0.0.0.0 or * means all interfaces, 127.0.0.1 means localhost only
# If your build exposes no bind-address setting, rely on the firewall rule above and on patching
🧯 If You Can't Patch
- Disable Remote Development feature entirely
- Use VPN/network segmentation to isolate development environments from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Open Help > About and note the product and version. If the IDE is (or has been) used as a Remote Development backend and its version is older than the fixed version listed above for that product (for example a 2021.3 preview, RC or 2021.3.0 build), treat it as vulnerable.
Check Version:
# Linux: the installation directory contains build.txt (build number) and product-info.json (product code and version), e.g. /opt/<product>/product-info.json
# macOS: typically <Product>.app/Contents/Resources/product-info.json, or the About dialog
# Windows: typically Program Files\JetBrains\<product>\product-info.json, or the About dialog
Verify Fix Applied:
Confirm the version matches the fixed version for that product. Then confirm from another host on the same network that the backend port no longer accepts connections; on the backend host itself the listening socket should show 127.0.0.1:<port>, not 0.0.0.0:<port> or *:<port>.
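The two checks above (installed version against the fixed list, and whether anything on the host listens on all interfaces) can be scripted. The following is an added example written for this page, not code from JetBrains or from the advisory. It assumes the product-info.json layout (productCode and version keys) and the product-code mapping IU/PY/GO/PS/RM/CL/WS, and it parses the Linux /proc/net/tcp and /proc/net/tcp6 table format; the sample socket table and sample product-info.json are constructed so the script runs offline.

```python
"""Added verification helper for CVE-2021-45977 (not part of the JetBrains advisory or product).

Two checks a backend host owner wants after reading the fix list above:
  1. is the installed product at or above the fixed version for its product code?
  2. is any TCP listener bound to the wildcard address (0.0.0.0 or ::)?
The socket check parses the Linux /proc/net/tcp and /proc/net/tcp6 table format.
All input below is constructed sample data; file paths and the product-code
mapping are assumptions, not vendor-published facts.
"""
import ipaddress
import json
from typing import Dict, List, Optional, Set, Tuple

# Fixed versions from the bulletin, keyed by the product code found in product-info.json
# (ASSUMED mapping: IU=IntelliJ IDEA Ultimate, PY=PyCharm Professional, GO=GoLand,
# PS=PhpStorm, RM=RubyMine, CL=CLion, WS=WebStorm).
FIXED_VERSION: Dict[str, Tuple[int, ...]] = {
    "IU": (2021, 3, 1), "PY": (2021, 3, 1), "GO": (2021, 3, 2), "PS": (2021, 3, 1),
    "RM": (2021, 3, 1), "CL": (2021, 3, 2), "WS": (2021, 3, 1),
}
IDE_PORTS: Set[int] = {6942, 63342}  # ports named on this page; the backend port itself varies
TCP_LISTEN = "0A"                    # value of the 'st' column for a LISTEN socket


def parse_version(version: str) -> Tuple[int, ...]:
    """'2021.3.1' -> (2021, 3, 1); a trailing ' RC' or ' EAP' tag is dropped."""
    return tuple(int(part) for part in version.split()[0].split("."))


def is_fixed(product_code: str, version: str) -> bool:
    """True when the installed version is at or above the fixed version for that product.
    Tuple comparison gives (2021, 3) < (2021, 3, 1), so a bare 2021.3 preview is flagged."""
    if product_code not in FIXED_VERSION:
        raise ValueError(f"product code {product_code!r} is not covered by this advisory")
    return parse_version(version) >= FIXED_VERSION[product_code]


def check_product_info(product_info_json: str) -> Tuple[str, str, bool]:
    """Read productCode and version from a product-info.json document and evaluate them."""
    info = json.loads(product_info_json)
    code, version = info["productCode"], info["version"]
    return code, version, is_fixed(code, version)


def decode_addr(hex_addr: str) -> Tuple[str, int]:
    """Decode a /proc/net/tcp 'ADDR:PORT' field. The kernel prints each 32-bit word of the
    address in host byte order, so each 8-hex-char chunk is byte-reversed (little-endian host)."""
    host_hex, port_hex = hex_addr.split(":")
    raw = b"".join(bytes.fromhex(host_hex[i:i + 8])[::-1] for i in range(0, len(host_hex), 8))
    return str(ipaddress.ip_address(raw)), int(port_hex, 16)


def wildcard_listeners(table: str, ports: Optional[Set[int]] = None) -> List[Tuple[str, int]]:
    """Return (address, port) for LISTEN sockets bound to 0.0.0.0 or ::.
    With ports=None every wildcard listener is reported, which is what you want when the
    backend port is not known in advance."""
    found = []
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr, port = decode_addr(fields[1])
        if ipaddress.ip_address(addr).is_unspecified and (ports is None or port in ports):
            found.append((addr, port))
    return found


# Constructed sample table: 127.0.0.1:63342 (fine), 0.0.0.0:6942 (exposed), sshd on
# 0.0.0.0:22, and one ESTABLISHED (state 01) connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:F76E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 100 0 0 10 0
   1: 00000000:1B1E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 34568 1 0000000000000000 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:C350 0102000A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 45678 1 0000000000000000 20 4 30 10 -1
"""
# Constructed sample product-info.json for a pre-fix 2021.3 IntelliJ IDEA Ultimate build.
SAMPLE_PRODUCT_INFO = '{"name": "IntelliJ IDEA", "version": "2021.3", "productCode": "IU"}'

if __name__ == "__main__":
    code, version, fixed = check_product_info(SAMPLE_PRODUCT_INFO)
    print(f"{code} {version}: {'fixed' if fixed else 'VULNERABLE, update to the fixed version'}")
    for addr, port in wildcard_listeners(SAMPLE_PROC_NET_TCP):
        tag = " <- port named in this advisory" if port in IDE_PORTS else ""
        print(f"listener on all interfaces: {addr}:{port}{tag}")
```

On a real host, feed `open("/proc/net/tcp").read()` and `open("/proc/net/tcp6").read()` to `wildcard_listeners` and the contents of the installation's product-info.json to `check_product_info`. The same listening-address check can be done by hand with `ss -tlnp`: a backend that shows `0.0.0.0:<port>` or `*:<port>` is reachable from the network, `127.0.0.1:<port>` is not.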
📡 Detection & Monitoring
Log Indicators:
- Connections to the IDE backend port from hosts that are not the intended client (the backend is meant to be reached from localhost only)
- Repeated connection attempts to the backend port from unexpected source IPs
Network Indicators:
- Scans that touch the JetBrains-related ports named below together with other service ports on development hosts
- Traffic to development hosts on IDE ports from outside the developer network
SIEM Query (pseudo-query; 6942 and 63342 are the IDE's default local port and built-in web server port, and the Remote Development backend port varies per installation, so substitute the port your backend actually listens on):
(source_ip NOT IN (trusted_dev_ips) AND dest_port IN (6942, 63342)) OR (process_name CONTAINS 'idea' AND event_type = network_connection)
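The query above is easier to trust once its logic has been run over real records. The following is an added detection example written for this page, not from the advisory or any SIEM product: it applies the "untrusted source to IDE port" rule and a simple port-scan heuristic to constructed JSON connection-log lines. The trusted ranges, the port set and the scan threshold are assumptions to adapt to your environment, and the port validator exists so that an impossible port number in a rule fails loudly instead of silently never matching.

```python
"""Added detection example for the CVE-2021-45977 indicators above (not vendor code).

Reads connection records (one JSON object per line, as a firewall or flow exporter
might emit) and returns:
  - alerts: connections from sources outside the trusted developer ranges to IDE ports
  - scanners: untrusted sources that touched many distinct ports on one destination
Trusted ranges, IDE ports and the scan threshold are ASSUMPTIONS for the sample data.
"""
import ipaddress
import json
from collections import defaultdict
from typing import Dict, List, Tuple

IDE_PORTS = {6942, 63342}  # ports named on this page; add your actual backend port
TRUSTED_DEV_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "127.0.0.0/8")]  # assumed
SCAN_THRESHOLD = 5         # distinct destination ports from one source to one host


def check_port(port: int) -> int:
    """Reject impossible port numbers so a typo in a rule cannot silently match nothing."""
    if not 0 < port <= 65535:
        raise ValueError(f"{port} is not a valid TCP port")
    return port


def is_trusted(ip: str) -> bool:
    """True when the address falls inside one of the trusted developer networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_DEV_NETS)


def analyse(log_lines: List[str]) -> Tuple[List[Dict], List[str]]:
    """Apply both rules to the records; returns (alerts, sorted list of scanning sources)."""
    alerts: List[Dict] = []
    ports_by_pair = defaultdict(set)  # (src_ip, dst_ip) -> set of destination ports seen
    for line in log_lines:
        rec = json.loads(line)
        src, dst = rec["src_ip"], rec["dst_ip"]
        port = check_port(int(rec["dst_port"]))
        ports_by_pair[(src, dst)].add(port)
        if port in IDE_PORTS and not is_trusted(src):
            alerts.append({"rule": "untrusted-source-to-ide-port", "src_ip": src,
                           "dst_ip": dst, "dst_port": port, "ts": rec.get("ts")})
    scanners = sorted({src for (src, _dst), ports in ports_by_pair.items()
                       if len(ports) >= SCAN_THRESHOLD and not is_trusted(src)})
    return alerts, scanners


# Constructed sample log: one trusted developer, one untrusted LAN host hitting the IDE
# port, one external host sweeping several ports including both IDE ports.
SAMPLE_LOG = [
    '{"ts": "2022-02-09T10:00:01Z", "src_ip": "10.10.5.20", "dst_ip": "10.10.9.7", "dst_port": 63342, "action": "allow"}',
    '{"ts": "2022-02-09T10:00:05Z", "src_ip": "192.168.1.50", "dst_ip": "10.10.9.7", "dst_port": 6942, "action": "allow"}',
    '{"ts": "2022-02-09T10:01:00Z", "src_ip": "203.0.113.9", "dst_ip": "10.10.9.7", "dst_port": 22, "action": "deny"}',
    '{"ts": "2022-02-09T10:01:01Z", "src_ip": "203.0.113.9", "dst_ip": "10.10.9.7", "dst_port": 80, "action": "deny"}',
    '{"ts": "2022-02-09T10:01:02Z", "src_ip": "203.0.113.9", "dst_ip": "10.10.9.7", "dst_port": 443, "action": "deny"}',
    '{"ts": "2022-02-09T10:01:03Z", "src_ip": "203.0.113.9", "dst_ip": "10.10.9.7", "dst_port": 6942, "action": "allow"}',
    '{"ts": "2022-02-09T10:01:04Z", "src_ip": "203.0.113.9", "dst_ip": "10.10.9.7", "dst_port": 63342, "action": "allow"}',
    '{"ts": "2022-02-09T10:02:00Z", "src_ip": "10.10.5.20", "dst_ip": "10.10.9.7", "dst_port": 443, "action": "allow"}',
]

if __name__ == "__main__":
    found_alerts, found_scanners = analyse(SAMPLE_LOG)
    for a in found_alerts:
        print(f"ALERT {a['rule']}: {a['src_ip']} -> {a['dst_ip']}:{a['dst_port']} at {a['ts']}")
    for s in found_scanners:
        print(f"SCAN  {s} touched {SCAN_THRESHOLD}+ ports on a development host")
```

The two rules are kept separate on purpose: the port rule fires on a single connection and is the one worth paging on for a host still running a vulnerable build, while the scan heuristic is noisier and better suited to a daily report. Note that a backend patched to bind to 127.0.0.1 produces no network-side records at all, so an absence of alerts after patching is the expected outcome, not a sign the rule is broken.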