Agentic AI Module Added To NHI Training Course

Forums
The Non-Human & AI ...
NHI Breaches
Critical JetBrains ...
 
Notifications
Clear all

Critical JetBrains Data Breach Exposes GitHub Tokens

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Prominent Member
Joined: 8 months ago
Posts: 276
Topic starter 17/12/2025 4:41 pm  

Executive Summary

In May 2024, a critical vulnerability (CVE-2024-37051) was discovered in JetBrains’ GitHub plugin for IntelliJ-based IDEs, impacting versions from 2023.1 onwards. This vulnerability, with a CVSS score of 9.3, allowed malicious third parties to exploit GitHub access tokens through malicious pull requests. As a result, unauthorized access to GitHub repositories became a significant risk for organizations and developers alike. The breach was reported on May 29, 2024, prompting immediate investigation and remediation efforts by JetBrains. Users were advised to revoke compromised tokens and update their software to mitigate ongoing threats.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • May 29, 2024: JetBrains received an external security report detailing the vulnerability in the GitHub plugin.
  • June 10, 2024: JetBrains initiated an investigation and began coordinating with GitHub to address the risks.
  • June 12, 2024: Updated versions of the IDEs and plugins were released; users were advised to revoke compromised tokens.

Data Compromised

  • The breach primarily exposed GitHub access tokens, which could grant unauthorized access to private repositories.
  • Developers using affected versions of IntelliJ-based IDEs were significantly impacted, risking project confidentiality.

Impact Assessment

  • The vulnerability posed a substantial risk to organizations relying on JetBrains tools for software development.
  • Potential data breaches could lead to financial loss and reputational damage for affected parties.

Company Response

  • JetBrains acted promptly by releasing patches and updates to remediate the vulnerability.
  • Advisories were published guiding users on revoking compromised tokens and securing their GitHub accounts.

Security Implications

  • This incident highlights the importance of monitoring third-party plugins and dependencies in software development.
  • Organizations are advised to implement strict security protocols to manage token and API key exposure.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.



   
Quote
Topic Tags
Data Breach Cybersecurity JetBrains GitHub Tokens Vulnerability Management
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Data Breach (78) , Cybersecurity (111) , JetBrains (1) , GitHub Tokens (1) , Vulnerability Management (5) ,
Share:

#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.