5 results (0.006 seconds)

CVSS: 9.3EPSS: 0%CPEs: 44EXPL: 2

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 El token de acceso de GitHub podría estar expuesto a sitios de terceros en los IDE de JetBrains posteriores a la versión 2023.1 y anteriores a: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 • https://github.com/LeadroyaL/CVE-2024-37051-EXP https://github.com/mrblackstar26/CVE-2024-37051 https://www.jetbrains.com/privacy-security/issues-fixed https://security.netapp.com/advisory/ntap-20240705-0004 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible En JetBrains Rider antes de 2023.3.3 era posible el registro de variables de entorno que contenían valores secretos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution En JetBrains Rider versiones anteriores a 2022.2, el diálogo confiable y de apertura de proyectos puede ser evitada, conllevando a una ejecución de código local • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. En JetBrains Rider versiones 2019.3 EAP2 hasta 2019.3 EAP7, se presentaron binarios no firmados provistos por parte del instalador de Windows. Este problema fue corregido en la publicación de la versión 2019.3. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. JetBrains Rider versiones anteriores a 2019.1.2, estaba usando un archivo JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll sin firmar. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-426: Untrusted Search Path •