CVE-2024-37051

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-522
View all →

Vulnerability Description

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

Related Vulnerabilities

CVE-2012-3823

HIGH
CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CWE-5222012

CVE-2012-6663

HIGH
CVSS:7.5(High)

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

CWE-5222012

CVE-2013-2106

HIGH
CVSS:7.5(High)

webauth before 4.6.1 has authentication credential disclosure

CWE-5222013

CVE-2013-2672

HIGH
CVSS:7.5(High)

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

CWE-5222013

CVE-2013-3313

HIGH
CVSS:7.5(High)

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...

CWE-5222013

CVE-2013-3620

HIGH
CVSS:7.5(High)

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

CWE-5222013