CVE-2024-37051
📋 TL;DR
This vulnerability in the GitHub plugin bundled with IntelliJ-based JetBrains IDEs can expose the developer's GitHub access token to a third-party host when the IDE handles attacker-crafted content in a GitHub pull request. Anyone who obtains the token can act as that developer on GitHub within the token's scopes, including reading private repositories. It affects IDE versions from 2023.1 up to the patched releases listed below, across every product in the IntelliJ family.
💻 Affected Systems
- IntelliJ IDEA
- Aqua
- CLion
- DataGrip
- DataSpell
- GoLand
- MPS
- PhpStorm
- PyCharm
- Rider
- RubyMine
- RustRover
- WebStorm
📦 What is this software?
Aqua by JetBrains (test automation IDE)
CLion by JetBrains (C/C++ IDE)
DataGrip by JetBrains (database IDE)
DataSpell by JetBrains (data science IDE)
GoLand by JetBrains (Go IDE)
IntelliJ IDEA by JetBrains (Java/Kotlin IDE)
MPS by JetBrains (language workbench)
PhpStorm by JetBrains (PHP IDE)
PyCharm by JetBrains (Python IDE)
Rider by JetBrains (.NET IDE)
RubyMine by JetBrains (Ruby IDE)
RustRover by JetBrains (Rust IDE)
WebStorm by JetBrains (JavaScript/TypeScript IDE)
All of these are built on the IntelliJ Platform and ship the same GitHub plugin, which is why a single flaw affects the whole product line.
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to private GitHub repositories, commit malicious code, steal intellectual property, or use tokens for further attacks on GitHub-connected systems.
Likely Case
Token theft leading to unauthorized access to private repositories, potentially exposing sensitive code or data.
If Mitigated
Limited impact if tokens have minimal permissions, are regularly rotated, or if repositories contain only public/non-sensitive data.
🎯 Exploit Status
Exploitation requires user interaction: the victim's IDE must process a pull request that contains attacker-crafted content, which a contributor to any repository the developer works on can supply. Once that content is handled, the token is sent to the third-party host automatically, with no further prompt or confirmation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version (first fixed release per branch):
- IntelliJ IDEA: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
- Aqua: 2024.1.2
- CLion: 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2
- DataGrip: 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4
- DataSpell: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1
- GoLand: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
- MPS: 2023.2.1, 2023.3.1, 2024.1 EAP2
- PhpStorm: 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3
- PyCharm: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2
- Rider: 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3
- RubyMine: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4
- RustRover: 2024.1.1
- WebStorm: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
Restart Required: Yes
Instructions:
1. Open the affected JetBrains IDE
2. Go to Help > Check for Updates (or download the patched build from jetbrains.com / the Toolbox App)
3. Follow the prompts to download and install the patched version
4. Restart the IDE after installation completes
5. If the GitHub plugin was configured and you used the IDE's pull request features on an affected build, assume the token may already have leaked: revoke the JetBrains IDE Integration OAuth authorization (GitHub Settings > Applications > Authorized OAuth Apps) or regenerate the personal access token, then sign in again from the patched IDE
🔧 Temporary Workarounds
Disable GitHub Integration
Temporarily remove the GitHub account from the IDE so the plugin holds no token that could be leaked:
Settings/Preferences > Version Control > GitHub > select the account > Remove (or disable the GitHub plugin under Settings/Preferences > Plugins)
Use Browser for GitHub
Review pull requests on github.com in an external browser instead of the IDE's pull request tool window until the IDE is updated
🧯 If You Can't Patch
- Revoke and rotate every GitHub credential used by affected IDEs immediately: remove the JetBrains IDE Integration OAuth authorization and regenerate any personal access token, then reissue tokens with only the scopes the IDE needs
- Do not open or review pull requests from untrusted contributors in the IDE while running an affected version; the trigger is crafted pull request content, not merely browsing the web
🔍 How to Verify
Check if Vulnerable:
Open Help > About (or read product-info.json in the IDE install directory) and compare the version with the Official Fix list: any 2023.1 or later build lower than the first fixed release for its branch (for example PyCharm 2023.3.5, which is below 2023.3.6) is vulnerable
Check Version:
Help > About in the IDE interface
Verify Fix Applied:
Confirm the IDE version is at or above the patched version for its release branch as listed under Official Fix, and confirm the GitHub plugin shows no pending update under Settings/Preferences > Plugins
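A fleet-wide check is easier with a script than with Help > About on every machine. The following is an added example, not tooling from JetBrains or from this advisory: it reads the product-info.json that IntelliJ-based IDEs ship in their install directory (assumed locations: `<install>/product-info.json` on Linux and Windows, `Contents/Resources/product-info.json` inside the .app on macOS) and compares its `name` and `version` fields against the GA fix versions listed under Official Fix. EAP builds are not modelled and come back as `unknown`; treat `unknown` as vulnerable until checked by hand.

```python
"""Check an installed JetBrains IDE against the CVE-2024-37051 fix table.

Added example, not JetBrains tooling. Assumes product-info.json carries the
fields "name" (e.g. "PyCharm") and "version" (e.g. "2023.3.5").
"""
import json
import re
import sys
from pathlib import Path

# First fixed GA release per product and release branch (from the advisory).
# EAP builds such as "2024.2 EAP3" are deliberately not modelled.
FIXED = {
    "IntelliJ IDEA": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "Aqua":          ["2024.1.2"],
    "CLion":         ["2023.1.7", "2023.2.4", "2023.3.5", "2024.1.3"],
    "DataGrip":      ["2023.1.3", "2023.2.4", "2023.3.5", "2024.1.4"],
    "DataSpell":     ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.2"],
    "GoLand":        ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.3"],
    "MPS":           ["2023.2.1", "2023.3.1"],
    "PhpStorm":      ["2023.1.6", "2023.2.6", "2023.3.7", "2024.1.3"],
    "PyCharm":       ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.3"],
    "Rider":         ["2023.1.7", "2023.2.5", "2023.3.6", "2024.1.3"],
    "RubyMine":      ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "RustRover":     ["2024.1.1"],
    "WebStorm":      ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.4"],
}

FIRST_AFFECTED = (2023, 1)  # advisory: builds from 2023.1 onward are affected


def parse_version(text):
    """'2023.2.5' -> (2023, 2, 5); '2024.1' -> (2024, 1, 0). Trailing text (EAP tags) is ignored."""
    m = re.match(r"(\d{4})\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def product_key(name):
    """Map the product-info 'name' to a FIXED key by longest prefix match."""
    for key in sorted(FIXED, key=len, reverse=True):
        if name.startswith(key):
            return key
    return None


def assess(name, version):
    """Return 'patched', 'vulnerable', 'not_affected' or 'unknown'."""
    key = product_key(name)
    if key is None:
        return "unknown"  # product not in the advisory table
    ver = parse_version(version)
    branch = ver[:2]
    if branch < FIRST_AFFECTED:
        return "not_affected"
    fixes = {parse_version(v)[:2]: parse_version(v) for v in FIXED[key]}
    if branch in fixes:
        return "patched" if ver >= fixes[branch] else "vulnerable"
    # A branch the advisory does not list (newer GA, EAP, or a gap): verify by hand.
    return "unknown"


def assess_product_info(json_text):
    """Assess the contents of a product-info.json file; returns (name, version, status)."""
    info = json.loads(json_text)
    return info["name"], info["version"], assess(info["name"], info["version"])


if __name__ == "__main__":
    # Usage: python check_jb.py /opt/pycharm/product-info.json [...]
    for path in sys.argv[1:]:
        name, version, status = assess_product_info(Path(path).read_text(encoding="utf-8"))
        print(f"{path}: {name} {version} -> {status}")
```

Run it against every install path collected by your endpoint inventory; anything reporting `vulnerable` or `unknown` goes on the update list, and the token-revocation step still applies to machines that were vulnerable at any point.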
📡 Detection & Monitoring
Log Indicators:
- GitHub audit-log events for a developer account originating from IP addresses outside the organization's known egress ranges
- New OAuth authorizations or token usage at hours or from locations inconsistent with that developer's normal activity
Network Indicators:
- GitHub API requests carrying a developer's token from non-IDE user agents or unexpected IPs (the IDE's plugin uses a JetBrains/IntelliJ user agent, a stolen token typically does not)
SIEM Query (illustrative pseudo-syntax; adapt field and action names to your audit-log export):
source="github_audit_log" AND (action:"oauth_authorization.create" OR action:"repo.access") AND actor NOT IN [expected_users]
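The indicators above can be turned into a small detection that runs over an audit-log export. This is an added example, not part of the advisory: it reads newline-delimited JSON as exported from a GitHub organization audit log (assumed field names `@timestamp`, `action`, `actor`, `actor_ip` and `repo`), and raises an alert when a known developer account performs a sensitive action from an IP outside the organization's egress ranges, or when an OAuth authorization is created by an actor outside the expected-users list. The egress ranges, user list and sample events are all constructed for the example; `git.clone` events are only present in Enterprise audit logs with Git event logging enabled.

```python
"""Flag GitHub audit-log events consistent with use of a token stolen via CVE-2024-37051.

Added example, not from the advisory. Field names follow the GitHub organization
audit-log export; the networks, users and sample events below are constructed.
"""
import ipaddress
import json

# Assumed environment: office/VPN egress ranges and the developer accounts that use the IDE plugin.
KNOWN_EGRESS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
EXPECTED_USERS = {"alice", "bob"}

# Actions worth correlating with token theft: new authorizations, visibility
# changes (repo.access), and Git traffic (Enterprise audit logs only).
SENSITIVE_ACTIONS = {"oauth_authorization.create", "repo.access", "git.clone", "git.push"}


def ip_is_known(ip_text, known_egress=KNOWN_EGRESS):
    """True if the address parses and falls inside one of the known egress networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in known_egress)


def analyse(lines, known_egress=KNOWN_EGRESS, expected_users=EXPECTED_USERS):
    """Return a list of (timestamp, actor, reason) alerts for the given JSONL audit events."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        action = ev.get("action")
        actor = ev.get("actor")
        ip = ev.get("actor_ip", "")
        ts = ev.get("@timestamp")
        if action not in SENSITIVE_ACTIONS:
            continue
        # A legitimate developer's token used from somewhere we never see them.
        if actor in expected_users and not ip_is_known(ip, known_egress):
            alerts.append((ts, actor, f"{action} on {ev.get('repo')} from unexpected IP {ip}"))
        # Someone outside the expected population authorizing an OAuth app.
        if action == "oauth_authorization.create" and actor not in expected_users:
            alerts.append((ts, actor, f"OAuth authorization created by unexpected actor from {ip}"))
    return alerts


# Constructed sample export: one clean clone, one clone from an unknown address,
# one OAuth authorization by an unexpected actor, and one benign repo creation.
SAMPLE_EVENTS = """
{"@timestamp": 1718000000000, "action": "git.clone", "actor": "alice", "actor_ip": "203.0.113.10", "repo": "acme/internal-api"}
{"@timestamp": 1718000300000, "action": "git.clone", "actor": "alice", "actor_ip": "192.0.2.77", "repo": "acme/internal-api"}
{"@timestamp": 1718000600000, "action": "oauth_authorization.create", "actor": "mallory", "actor_ip": "192.0.2.77"}
{"@timestamp": 1718000900000, "action": "repo.create", "actor": "bob", "actor_ip": "198.51.100.5", "repo": "acme/new-service"}
"""

if __name__ == "__main__":
    for ts, actor, reason in analyse(SAMPLE_EVENTS.splitlines()):
        print(f"{ts} {actor}: {reason}")
```

Against the constructed export this yields two alerts: alice cloning `acme/internal-api` from 192.0.2.77, and mallory's OAuth authorization. In production, feed the same function the audit-log export for the window in which affected IDEs were in use, and pair any hit on a developer account with the token revocation described above.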