Summary: If you use JetBrains products, you need to update.

Issue: Possible GitHub access token hijacking

Who: Anyone running one of the products below on a release older than the versions listed (the versions below are the releases that contain the fix, not the vulnerable ones)

  • IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2
  • DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4
  • PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2
  • WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

Link: link1
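To check which installs still need the update, here is a small Python script (an added example, not code from this page or from JetBrains) that compares an IDE's version string against the fixed versions listed above. The fixed-version table is transcribed from that list; the sample installs are constructed, and the product-info.json path and keys used by read_product_info() are assumptions about the IDE's install layout rather than anything the page states.

```python
"""Check installed JetBrains IDEs against the fixed versions listed above.

Added example, not code from the page or from JetBrains. FIXED_VERSIONS is
transcribed from the list above; SAMPLE_INSTALLS is constructed input, and
the product-info.json layout used by read_product_info() is an assumption
about the IDE install folder.
"""
import json
import re

# Release line (YYYY.N) -> first release on that line that contains the fix.
# Transcribed from the list above; products not listed there are not covered.
FIXED_VERSIONS = {
    "IntelliJ IDEA": ["2023.1.7", "2023.2.7", "2023.3.7", "2024.1.3", "2024.2"],
    "DataGrip":      ["2023.1.3", "2023.2.4", "2023.3.5", "2024.1.4"],
    "PhpStorm":      ["2023.1.6", "2023.2.6", "2023.3.7", "2024.1.3", "2024.2"],
    "WebStorm":      ["2023.1.6", "2023.2.7", "2023.3.7", "2024.1.4"],
}

PRERELEASE_TAGS = {"EAP", "RC", "BETA"}

_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?\s*([A-Za-z]+)?")


def parse_version(text):
    """'2023.3.5' -> (2023, 3, 5, 1); '2024.2 EAP3' -> (2024, 2, 0, 0).

    The last element is 0 for pre-release builds (EAP/RC/Beta) and 1 for a
    final release, so a pre-release build sorts below the final release of
    the same version. That is a conservative choice: the list above names
    2024.2 without saying which EAP build carried the fix.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised JetBrains version string: {text!r}")
    year, minor, patch, tag = m.groups()
    final = 0 if tag and tag.upper() in PRERELEASE_TAGS else 1
    return int(year), int(minor), int(patch or 0), final


def check_install(product, version):
    """Classify one install: 'patched', 'update to X or later', or not covered."""
    if product not in FIXED_VERSIONS:
        return "product not on the list above; check the advisory"
    installed = parse_version(version)
    for fixed in FIXED_VERSIONS[product]:
        fixed_v = parse_version(fixed)
        if fixed_v[:2] == installed[:2]:  # same release line (YYYY.N)
            if installed >= fixed_v:
                return "patched"
            return f"update to {fixed} or later"
    return "release line not on the list above; check the advisory"


def report(installs):
    """Run check_install over (product, version) pairs; returns a dict."""
    return {f"{p} {v}": check_install(p, v) for p, v in installs}


def read_product_info(path):
    """Read (name, version) from a JetBrains product-info.json.

    Assumption: on macOS the file lives at
    <IDE>.app/Contents/Resources/product-info.json and carries 'name' and
    'version' keys. Not exercised by the sample run below.
    """
    with open(path, encoding="utf-8") as fh:
        info = json.load(fh)
    return info["name"], info["version"]


# Constructed sample inputs, not real inventory data.
SAMPLE_INSTALLS = [
    ("IntelliJ IDEA", "2023.3.5"),     # older than 2023.3.7 -> update
    ("IntelliJ IDEA", "2024.1.3"),     # exactly the fixed release -> patched
    ("IntelliJ IDEA", "2024.2 EAP3"),  # pre-release: treated as below 2024.2
    ("WebStorm", "2024.1.4"),
    ("DataGrip", "2022.3.2"),          # release line not listed above
    ("PyCharm", "2024.1.1"),           # product not listed above
]

if __name__ == "__main__":
    for install, verdict in report(SAMPLE_INSTALLS).items():
        print(f"{install:28} {verdict}")
```

The comparison is done per release line, because each line got its own fixed patch release: a 2023.3.5 install is older than the 2023.3.7 fix even though 2024.1.3 is also a fixed release. Anything on a line or product that the list above does not mention is reported as not covered rather than guessed at.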

Issue

  • When the GitHub integration of a JetBrains IDE is used, the GitHub access token can end up exposed to a party that should not have it
  • Classified under CWE-522, Insufficiently Protected Credentials (Link: CWE-522)
    • Related weaknesses: Weak Authentication, Plaintext Storage of a Password, Storing Passwords in a Recoverable Format, Weak Encoding for Password, Password in Configuration File, Unprotected Transport of Credentials, Missing Password Field Masking, Exposure of Resource to Wrong Sphere

How to fix

  • Update the IDE to the fixed version for your release line (for IntelliJ IDEA on a Mac: the three dots in the upper right)
  • Treat the GitHub token the IDE was using as exposed: revoke it on GitHub and create a new one, since updating the IDE does not undo a leak that has already happened

And what made me find it…

  • I use GitHub through the IDE… the token expired and re-login is not allowed… even though it's a normal token