GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7…
| Vendor | Product | Versions |
|---|---|---|
| JetBrains | IntelliJ IDEA | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | Aqua | 0 |
| JetBrains | CLion | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | DataGrip | 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | DataSpell | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | GoLand | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | MPS | 2023.1, 2023.1, 2023.1 |
| JetBrains | PhpStorm | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | PyCharm | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | Rider | 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | RubyMine | 2023.1, 2023.1, 2023.1, 2023.1, 2023.1 |
| JetBrains | RustRover | 0 |
| JetBrains | WebStorm | 2023.1, 2023.1, 2023.1, 2023.1 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.