JetBrains warned customers to address a critical vulnerability, tracked as CVE-2024-37051, that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.<\/p>\n\n\n\n
The flaw impacts IntelliJ-based IDEs version 2023.1 and later, where the JetBrains GitHub plugin is enabled and configured\/used.
“A new\u00a0security issue<\/a>\u00a0was discovered that affects the JetBrains\u00a0GitHub plugin<\/a>\u00a0on the IntelliJ Platform, which could lead to disclosure of access tokens to third-party sites. The issue affects all IntelliJ-based IDEs as of 2023.1 onwards that have the JetBrains GitHub plugin enabled and configured\/in-use.” reads the advisory<\/a> published by the company.\u00a0<\/em>
Below is the
“If you have not updated to the latest version, we strongly urge you to do so,” concludes the advisory.<\/em><\/p>\n\n\n\n
The company did not reveal if the vulnerability has been actively exploited in the wild.<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0GitHub<\/strong>)<\/p>\n","protected":false},"excerpt":{"rendered":"