CVE-2024-52555

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

*Credits: N/A

CVSS Scores

JetBrains s.r.o.v3.1 6.3

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-11-13 CVE Reserved
2024-11-15 CVE Published
2024-11-15 CVE Updated
2024-11-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

CAPEC

References (1)

URL	Tag	Source
https://www.jetbrains.com/privacy-security/issues-fixed

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
JetBrains Search vendor "JetBrains"		WebStorm Search vendor "JetBrains" for product "WebStorm"				< 2024.3 Search vendor "JetBrains" for product "WebStorm" and version " < 2024.3"		en		Affected