Monday, July 22, 2024

Updates for security issue affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin

A new security issue was discovered that affects the JetBrains GitHub plugin on the IntelliJ Platform, which could lead to disclosure of access tokens to third-party sites. The issue affects all IntelliJ-based IDEs from 2023.1 onwards that have the JetBrains GitHub plugin enabled and configured/in-use.

The issue is now resolved and a fix has been provided for all IDEs based on the IntelliJ Platform from version 2023.1 onwards.

Fixed Versions Available

  • Aqua: 2024.1.2
  • CLion: 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2
  • DataGrip: 2024.1.4
  • DataSpell: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2
  • GoLand: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • IntelliJ IDEA: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • MPS: 2023.2.1, 2023.3.1, 2024.1 EAP2
  • PhpStorm: 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3
  • PyCharm: 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2
  • Rider: 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3
  • RubyMine: 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4
  • RustRover: 2024.1.1
  • WebStorm: 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

The JetBrains GitHub plugin has also been updated with the fix, and previously affected versions have been removed from JetBrains Marketplace.

If you have not updated to the latest version, we strongly urge you to do so.
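As an added example (not part of the JetBrains advisory), the following Python sketch triages an IDE inventory against the fixed release versions listed above. The status names, the inventory format and the host names are assumptions made for illustration; EAP builds are routed to a manual check rather than compared.

```python
# Fixed release versions as listed in the advisory (EAP builds left out).
FIXED = {
    "Aqua": ["2024.1.2"],
    "CLion": ["2023.1.7", "2023.2.4", "2023.3.5", "2024.1.3"],
    "DataGrip": ["2024.1.4"],
    "DataSpell": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.2"],
    "GoLand": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.3"],
    "IntelliJ IDEA": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "MPS": ["2023.2.1", "2023.3.1"],
    "PhpStorm": ["2023.1.6", "2023.2.6", "2023.3.7", "2024.1.3"],
    "PyCharm": ["2023.1.6", "2023.2.7", "2023.3.6", "2024.1.3"],
    "Rider": ["2023.1.7", "2023.2.5", "2023.3.6", "2024.1.3"],
    "RubyMine": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3"],
    "RustRover": ["2024.1.1"],
    "WebStorm": ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.4"],
}

def parse(version):
    """'2023.3.5' -> (2023, 3, 5); missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, version):
    """Classify one install against the advisory's fixed-version list."""
    if product not in FIXED:
        return "unknown-product"
    if "EAP" in version.upper():
        return "manual-check"        # EAP builds are not ordered by this script
    v = parse(version)
    if v[:2] < (2023, 1):
        return "not-affected"        # advisory scopes the issue to 2023.1 onwards
    for fixed in map(parse, FIXED[product]):
        if fixed[:2] == v[:2]:       # same release line, compare patch level
            return "fixed" if v >= fixed else "update-required"
    return "line-not-listed"         # no fixed build listed for this release line

# Constructed sample inventory: (host, product, version).
INVENTORY = [
    ("dev-01", "GoLand", "2023.3.6"),
    ("dev-02", "IntelliJ IDEA", "2024.1.3"),
    ("dev-03", "CLion", "2022.3.3"),
    ("dev-04", "DataGrip", "2023.3.4"),
]

def needs_action(inventory):
    """Return installs that are neither confirmed fixed nor out of scope."""
    return [(h, p, v, s) for h, p, v in inventory
            if (s := triage(p, v)) not in ("fixed", "not-affected")]
```

Calling `needs_action(INVENTORY)` returns the installs to follow up on; a `line-not-listed` result means the list above shows no fixed build for that release line, so the install needs a manual decision.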

The Details

On the 29th of May 2024 we received an external security report with details of a possible vulnerability that would affect pull requests within the IDE. In particular, malicious content as part of a pull request to a GitHub project, which would be handled by IntelliJ-based IDEs, would expose access tokens to a third-party host. The CVE ID assigned to this vulnerability is CVE-2024-37051.

In addition to assessing the issue and starting work on a resolution, we also immediately contacted GitHub to assist us with mitigation. Please note that due to these mitigation measures, the JetBrains GitHub plugin in older versions of JetBrains IDEs may not work as expected.

What’s required of you

First and foremost, we strongly recommend updating to the latest version available for your IDE.

Additionally, if you have actively used GitHub pull request functionality in the IDE, we strongly advise that you revoke any GitHub tokens being used by the plugin. Given that the plugin can use OAuth integration or a Personal Access Token (PAT), please check both and revoke as necessary:

  1. OAuth Integration Settings: go to Applications → Authorized OAuth Apps and revoke access for the JetBrains IDE Integration application.
  2. Personal Access Token Settings: go to the Tokens page and delete the token issued for the plugin. The default token name is IntelliJ IDEA GitHub integration plugin, but you may be using custom names as well.

Please note that after the token has been revoked, you will need to set up the plugin again, as all plugin features (including Git operations) will stop working.

We sincerely want to apologize for any inconvenience this may cause you.

